unix: fail with ENAMETOOLONG in uv_pipe_*

Fail with ENAMETOOLONG when the name of a Unix socket exceeds `sizeof(saddr.sun_path)`. Previously the path was just truncated, which could result in nasty bugs, and even though that behaviour has been always been around, it’s hard to imagine a situation in which ending up with an incorrect path is better than not creating a socket at all. Ref: nodejs/node#12601 Ref: nodejs/node#12708
addaleax · Apr 27, 2017 · 050f0f7 · 050f0f7
1 parent adedc27
commit 050f0f7
Show file tree

Hide file tree

Showing 4 changed files with 75 additions and 4 deletions.
diff --git a/src/unix/pipe.c b/src/unix/pipe.c
@@ -45,9 +45,14 @@ int uv_pipe_bind(uv_pipe_t* handle, const char* name) {
   const char* pipe_fname;
   int sockfd;
   int err;
+  size_t name_len;
 
   pipe_fname = NULL;
   sockfd = -1;
+  name_len = strlen(name) + 1;
+
+  if (name_len > sizeof(saddr.sun_path))
+    return -ENAMETOOLONG;
 
   /* Already bound? */
   if (uv__stream_fd(handle) >= 0)
@@ -67,8 +72,7 @@ int uv_pipe_bind(uv_pipe_t* handle, const char* name) {
   sockfd = err;
 
   memset(&saddr, 0, sizeof saddr);
-  strncpy(saddr.sun_path, pipe_fname, sizeof(saddr.sun_path) - 1);
-  saddr.sun_path[sizeof(saddr.sun_path) - 1] = '\0';
+  memcpy(saddr.sun_path, pipe_fname, name_len);
   saddr.sun_family = AF_UNIX;
 
   if (bind(sockfd, (struct sockaddr*)&saddr, sizeof saddr)) {
@@ -160,6 +164,14 @@ void uv_pipe_connect(uv_connect_t* req,
   int new_sock;
   int err;
   int r;
+  size_t name_len;
+
+  name_len = strlen(name) + 1;
+
+  if (name_len > sizeof(saddr.sun_path)) {
+    err = -ENAMETOOLONG;
+    goto out;
+  }
 
   new_sock = (uv__stream_fd(handle) == -1);
 
@@ -171,8 +183,7 @@ void uv_pipe_connect(uv_connect_t* req,
   }
 
   memset(&saddr, 0, sizeof saddr);
-  strncpy(saddr.sun_path, name, sizeof(saddr.sun_path) - 1);
-  saddr.sun_path[sizeof(saddr.sun_path) - 1] = '\0';
+  memcpy(saddr.sun_path, name, name_len);
   saddr.sun_family = AF_UNIX;
 
   do {

diff --git a/test/test-list.h b/test/test-list.h
@@ -135,10 +135,12 @@ TEST_DECLARE   (udp_try_send)
 TEST_DECLARE   (pipe_bind_error_addrinuse)
 TEST_DECLARE   (pipe_bind_error_addrnotavail)
 TEST_DECLARE   (pipe_bind_error_inval)
+TEST_DECLARE   (pipe_bind_error_long_path)
 TEST_DECLARE   (pipe_connect_multiple)
 TEST_DECLARE   (pipe_listen_without_bind)
 TEST_DECLARE   (pipe_connect_bad_name)
 TEST_DECLARE   (pipe_connect_to_file)
+TEST_DECLARE   (pipe_connect_to_long_path)
 TEST_DECLARE   (pipe_connect_on_prepare)
 TEST_DECLARE   (pipe_getsockname)
 TEST_DECLARE   (pipe_getsockname_abstract)
@@ -398,6 +400,7 @@ TASK_LIST_START
 
   TEST_ENTRY  (pipe_connect_bad_name)
   TEST_ENTRY  (pipe_connect_to_file)
+  TEST_ENTRY  (pipe_connect_to_long_path)
   TEST_ENTRY  (pipe_connect_on_prepare)
 
   TEST_ENTRY  (pipe_server_close)
@@ -523,6 +526,7 @@ TASK_LIST_START
   TEST_ENTRY  (pipe_bind_error_addrinuse)
   TEST_ENTRY  (pipe_bind_error_addrnotavail)
   TEST_ENTRY  (pipe_bind_error_inval)
+  TEST_ENTRY  (pipe_bind_error_long_path)
   TEST_ENTRY  (pipe_connect_multiple)
   TEST_ENTRY  (pipe_listen_without_bind)
   TEST_ENTRY  (pipe_getsockname)

diff --git a/test/test-pipe-bind-error.c b/test/test-pipe-bind-error.c
@@ -23,6 +23,7 @@
 #include "task.h"
 #include <stdio.h>
 #include <stdlib.h>
+#include <string.h>
 
 
 #ifdef _WIN32
@@ -134,3 +135,27 @@ TEST_IMPL(pipe_listen_without_bind) {
   MAKE_VALGRIND_HAPPY();
   return 0;
 }
+
+
+TEST_IMPL(pipe_bind_error_long_path) {
+  char path[256];
+  uv_pipe_t server;
+  int r;
+
+  memset(path, '.', 255);
+  path[255] = '\0';
+
+  r = uv_pipe_init(uv_default_loop(), &server, 0);
+  ASSERT(r == 0);
+  r = uv_pipe_bind(&server, path);
+  ASSERT(r == UV_ENAMETOOLONG);
+
+  uv_close((uv_handle_t*)&server, close_cb);
+
+  uv_run(uv_default_loop(), UV_RUN_DEFAULT);
+
+  ASSERT(close_cb_called == 1);
+
+  MAKE_VALGRIND_HAPPY();
+  return 0;
+}
diff --git a/test/test-pipe-connect-error.c b/test/test-pipe-connect-error.c
@@ -23,6 +23,7 @@
 #include "task.h"
 #include <stdio.h>
 #include <stdlib.h>
+#include <string.h>
 
 
 #ifdef _WIN32
@@ -56,6 +57,13 @@ static void connect_cb_file(uv_connect_t* connect_req, int status) {
 }
 
 
+static void connect_cb_long_path(uv_connect_t* connect_req, int status) {
+  ASSERT(status == UV_ENAMETOOLONG);
+  uv_close((uv_handle_t*)connect_req->handle, close_cb);
+  connect_cb_called++;
+}
+
+
 TEST_IMPL(pipe_connect_bad_name) {
   uv_pipe_t client;
   uv_connect_t req;
@@ -93,3 +101,26 @@ TEST_IMPL(pipe_connect_to_file) {
   MAKE_VALGRIND_HAPPY();
   return 0;
 }
+
+
+TEST_IMPL(pipe_connect_to_long_path) {
+  char path[256];
+  uv_pipe_t client;
+  uv_connect_t req;
+  int r;
+
+  memset(path, '.', 255);
+  path[255] = '\0';
+
+  r = uv_pipe_init(uv_default_loop(), &client, 0);
+  ASSERT(r == 0);
+  uv_pipe_connect(&req, &client, path, connect_cb_long_path);
+
+  uv_run(uv_default_loop(), UV_RUN_DEFAULT);
+
+  ASSERT(close_cb_called == 1);
+  ASSERT(connect_cb_called == 1);
+
+  MAKE_VALGRIND_HAPPY();
+  return 0;
+}