diff options
author | Andrew Bartlett <abartlet@samba.org> | 2013-07-24 10:19:26 +1200 |
---|---|---|
committer | Jeremy Allison <jra@samba.org> | 2013-07-23 15:35:08 -0700 |
commit | e9ae36e9683372b86f1efbd29904722a33fea083 (patch) | |
tree | 4ecfd2629930b6bcd44ce5fe2d05364c91c7bafe | |
parent | fe06e1b0a3c06ffa859fa0d5e52ed4cc59de0950 (diff) | |
download | samba-e9ae36e9683372b86f1efbd29904722a33fea083.tar.gz samba-e9ae36e9683372b86f1efbd29904722a33fea083.tar.bz2 samba-e9ae36e9683372b86f1efbd29904722a33fea083.zip |
s4-lib/socket: Allocate a the larger sockaddr_un and not just a sockaddr_in in unixdom_get_peer_addr()
This caused crashes in _tsocket_address_bsd_from_sockaddr() when we
read past the end of the allocation.
Andrew Bartlett
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
-rw-r--r-- | source4/lib/socket/socket_unix.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/source4/lib/socket/socket_unix.c b/source4/lib/socket/socket_unix.c index 0774b12b93..3aa5440242 100644 --- a/source4/lib/socket/socket_unix.c +++ b/source4/lib/socket/socket_unix.c @@ -323,7 +323,7 @@ static char *unixdom_get_peer_name(struct socket_context *sock, TALLOC_CTX *mem_ static struct socket_address *unixdom_get_peer_addr(struct socket_context *sock, TALLOC_CTX *mem_ctx) { - struct sockaddr_in *peer_addr; + struct sockaddr_un *peer_addr; socklen_t len = sizeof(*peer_addr); struct socket_address *peer; int ret; @@ -334,7 +334,7 @@ static struct socket_address *unixdom_get_peer_addr(struct socket_context *sock, } peer->family = sock->backend_name; - peer_addr = talloc(peer, struct sockaddr_in); + peer_addr = talloc(peer, struct sockaddr_un); if (!peer_addr) { talloc_free(peer); return NULL; |