UNIX domain socket code corrupts memory on Mac #332

tyhik · 2024-02-05T15:20:28Z

sun_path field of sockaddr_un is 108 bytes on linux, but 104 bytes on Mac. The below patch fixes strncpy() writing over the buffer end on Mac.

diff --git a/src/jsonrpccpp/client/connectors/unixdomainsocketclient.cpp b/src/jsonrpccpp/client/connectors/unixdomainsocketclient.cpp
index 5e97575..0b2bdfc 100644
--- a/src/jsonrpccpp/client/connectors/unixdomainsocketclient.cpp
+++ b/src/jsonrpccpp/client/connectors/unixdomainsocketclient.cpp
@@ -19,6 +19,7 @@
 #include <sys/socket.h>
 #include <sys/un.h>
 #include <unistd.h>
+#include <stddef.h>
 
 using namespace jsonrpc;
 using namespace std;
@@ -37,7 +38,7 @@ void UnixDomainSocketClient::SendRPCMessage(const std::string &message, std::str
   memset(&address, 0, sizeof(sockaddr_un));
 
   address.sun_family = AF_UNIX;
-  strncpy(address.sun_path, this->path.c_str(), 107);
+  strncpy(address.sun_path, this->path.c_str(), sizeof(struct sockaddr_un) - offsetof(struct sockaddr_un, sun_path) - 1);
 
   if (connect(socket_fd, (struct sockaddr *)&address, sizeof(sockaddr_un)) != 0) {
     close(socket_fd);
diff --git a/src/jsonrpccpp/server/connectors/unixdomainsocketserver.cpp b/src/jsonrpccpp/server/connectors/unixdomainsocketserver.cpp
index 9dc28f8..1eb83b8 100644
--- a/src/jsonrpccpp/server/connectors/unixdomainsocketserver.cpp
+++ b/src/jsonrpccpp/server/connectors/unixdomainsocketserver.cpp
@@ -18,6 +18,7 @@
 #include <sstream>
 #include <sys/types.h>
 #include <unistd.h>
+#include <stddef.h>
 
 using namespace jsonrpc;
 using namespace std;
@@ -46,7 +47,7 @@ bool UnixDomainSocketServer::InitializeListener() {
 
   memset(&(this->address), 0, sizeof(struct sockaddr_un));
   this->address.sun_family = AF_UNIX;
-  strncpy(this->address.sun_path, this->socket_path.c_str(), 107);
+  strncpy(this->address.sun_path, this->socket_path.c_str(), sizeof(struct sockaddr_un) - offsetof(struct sockaddr_un, sun_path) - 1);
 
   if (::bind(this->socket_fd, reinterpret_cast<struct sockaddr *>(&(this->address)), sizeof(struct sockaddr_un)) != 0) {
     return false;

The text was updated successfully, but these errors were encountered:

tyhik · 2024-02-05T15:25:19Z

Sorry, didn't know that github Code tags corrupt the patch.

cinemast · 2024-03-05T16:55:24Z

could you please put that in a proper pullrequest?

cinemast added the bug label Mar 27, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

UNIX domain socket code corrupts memory on Mac #332

UNIX domain socket code corrupts memory on Mac #332

tyhik commented Feb 5, 2024 •

edited by cinemast

tyhik commented Feb 5, 2024

cinemast commented Mar 5, 2024

UNIX domain socket code corrupts memory on Mac #332

UNIX domain socket code corrupts memory on Mac #332

Comments

tyhik commented Feb 5, 2024 • edited by cinemast

tyhik commented Feb 5, 2024

cinemast commented Mar 5, 2024

tyhik commented Feb 5, 2024 •

edited by cinemast