diff options
author | Stefan Metzmacher <metze@samba.org> | 2013-07-24 10:19:26 +1200 |
---|---|---|
committer | Andrew Bartlett <abartlet@samba.org> | 2013-07-24 14:37:43 +0200 |
commit | 077dfd0a89a854c21b91b0f871d034fd9fe82a9a (patch) | |
tree | 54d3716df76f21319db8f144b52f8a82639392c6 /source4/lib | |
parent | a7801db32afb25cc88f171d9b8896b2f663ba351 (diff) | |
download | samba-077dfd0a89a854c21b91b0f871d034fd9fe82a9a.tar.gz samba-077dfd0a89a854c21b91b0f871d034fd9fe82a9a.tar.bz2 samba-077dfd0a89a854c21b91b0f871d034fd9fe82a9a.zip |
s4-lib/socket: Allocate a the larger sockaddr_un and not just a sockaddr_in in unixdom_get_my_addr()
This caused crashes in _tsocket_address_bsd_from_sockaddr() when we
read past the end of the allocation.
(similar to commit e9ae36e9683372b86f1efbd29904722a33fea083)
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10042
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Jul 24 14:37:43 CEST 2013 on sn-devel-104
Diffstat (limited to 'source4/lib')
-rw-r--r-- | source4/lib/socket/socket_unix.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/source4/lib/socket/socket_unix.c b/source4/lib/socket/socket_unix.c index 3aa5440242..6876e395ed 100644 --- a/source4/lib/socket/socket_unix.c +++ b/source4/lib/socket/socket_unix.c @@ -362,7 +362,7 @@ static struct socket_address *unixdom_get_peer_addr(struct socket_context *sock, static struct socket_address *unixdom_get_my_addr(struct socket_context *sock, TALLOC_CTX *mem_ctx) { - struct sockaddr_in *local_addr; + struct sockaddr_un *local_addr; socklen_t len = sizeof(*local_addr); struct socket_address *local; int ret; @@ -373,7 +373,7 @@ static struct socket_address *unixdom_get_my_addr(struct socket_context *sock, T } local->family = sock->backend_name; - local_addr = talloc(local, struct sockaddr_in); + local_addr = talloc(local, struct sockaddr_un); if (!local_addr) { talloc_free(local); return NULL; |