summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAndrew Bartlett <abartlet@samba.org>2013-07-24 10:19:26 +1200
committerJeremy Allison <jra@samba.org>2013-07-23 15:35:08 -0700
commite9ae36e9683372b86f1efbd29904722a33fea083 (patch)
tree4ecfd2629930b6bcd44ce5fe2d05364c91c7bafe
parentfe06e1b0a3c06ffa859fa0d5e52ed4cc59de0950 (diff)
downloadsamba-e9ae36e9683372b86f1efbd29904722a33fea083.tar.gz
samba-e9ae36e9683372b86f1efbd29904722a33fea083.tar.bz2
samba-e9ae36e9683372b86f1efbd29904722a33fea083.zip
s4-lib/socket: Allocate a the larger sockaddr_un and not just a sockaddr_in in unixdom_get_peer_addr()
This caused crashes in _tsocket_address_bsd_from_sockaddr() when we read past the end of the allocation. Andrew Bartlett Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
-rw-r--r--source4/lib/socket/socket_unix.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/source4/lib/socket/socket_unix.c b/source4/lib/socket/socket_unix.c
index 0774b12b93..3aa5440242 100644
--- a/source4/lib/socket/socket_unix.c
+++ b/source4/lib/socket/socket_unix.c
@@ -323,7 +323,7 @@ static char *unixdom_get_peer_name(struct socket_context *sock, TALLOC_CTX *mem_
static struct socket_address *unixdom_get_peer_addr(struct socket_context *sock, TALLOC_CTX *mem_ctx)
{
- struct sockaddr_in *peer_addr;
+ struct sockaddr_un *peer_addr;
socklen_t len = sizeof(*peer_addr);
struct socket_address *peer;
int ret;
@@ -334,7 +334,7 @@ static struct socket_address *unixdom_get_peer_addr(struct socket_context *sock,
}
peer->family = sock->backend_name;
- peer_addr = talloc(peer, struct sockaddr_in);
+ peer_addr = talloc(peer, struct sockaddr_un);
if (!peer_addr) {
talloc_free(peer);
return NULL;