-
Notifications
You must be signed in to change notification settings - Fork 17.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
x/sys: trimmed string socket opt on linux #63217
Labels
NeedsInvestigation
Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
Milestone
Comments
The actual fix seems to be pretty short: // GetsockoptString returns the string value of the socket option opt for the
// socket associated with fd at the given socket level.
func GetsockoptString(fd, level, opt int) (string, error) {
buf := make([]byte, 256)
vallen := _Socklen(len(buf))
err := getsockopt(fd, level, opt, unsafe.Pointer(&buf[0]), &vallen)
if err != nil {
if err == ERANGE {
buf = make([]byte, vallen)
err = getsockopt(fd, level, opt, unsafe.Pointer(&buf[0]), &vallen)
}
if err != nil {
return "", err
}
}
if buf[vallen-1] == 0 {
return string(buf[:vallen-1]), nil
} else {
return string(buf[:vallen]), nil
}
} If this looks good I can submit a patch! |
thanm
added
the
NeedsInvestigation
Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
label
Sep 25, 2023
@golang/runtime |
Please do submit a patch, and if at all possible include a test that fails without the patch. Thanks. |
Change https://go.dev/cl/531117 mentions this issue: |
Change https://go.dev/cl/530897 mentions this issue: |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
NeedsInvestigation
Someone must examine and confirm this is a valid issue and not a duplicate of an existing one.
Bug description
Func
GetsockoptString
from x/sys/unix package always removes the last byte from the buffer, which in some cases leads to a truncated option value.From
unix
man page:But the implementation (this patch) always cuts the last byte without checking it for the null character.
What version of Go are you using (
go version
)?Does this issue reproduce with the latest release?
Yes.
What operating system and processor architecture are you using (
go env
)?I'm using intel mac, but building for arm linux (GOARCH=arm64 GOOS=linux)
go env
OutputWhat did you do?
The service code is running on the linux with apparmor enabled. It just reads the app armor label from the Unix socket connection by calling:
What did you expect to see?
unconfined
appname (complain)
What did you see instead?
unconfine
appname (complain
The text was updated successfully, but these errors were encountered: