From e9ae36e9683372b86f1efbd29904722a33fea083 Mon Sep 17 00:00:00 2001
From: Andrew Bartlett <abartlet@samba.org>
Date: Wed, 24 Jul 2013 10:19:26 +1200
Subject: s4-lib/socket: Allocate a the larger sockaddr_un and not just a
 sockaddr_in in unixdom_get_peer_addr()

This caused crashes in _tsocket_address_bsd_from_sockaddr() when we
read past the end of the allocation.

Andrew Bartlett

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
---
 source4/lib/socket/socket_unix.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'source4/lib')

diff --git a/source4/lib/socket/socket_unix.c b/source4/lib/socket/socket_unix.c
index 0774b12b93..3aa5440242 100644
--- a/source4/lib/socket/socket_unix.c
+++ b/source4/lib/socket/socket_unix.c
@@ -323,7 +323,7 @@ static char *unixdom_get_peer_name(struct socket_context *sock, TALLOC_CTX *mem_
 
 static struct socket_address *unixdom_get_peer_addr(struct socket_context *sock, TALLOC_CTX *mem_ctx)
 {
-	struct sockaddr_in *peer_addr;
+	struct sockaddr_un *peer_addr;
 	socklen_t len = sizeof(*peer_addr);
 	struct socket_address *peer;
 	int ret;
@@ -334,7 +334,7 @@ static struct socket_address *unixdom_get_peer_addr(struct socket_context *sock,
 	}
 	
 	peer->family = sock->backend_name;
-	peer_addr = talloc(peer, struct sockaddr_in);
+	peer_addr = talloc(peer, struct sockaddr_un);
 	if (!peer_addr) {
 		talloc_free(peer);
 		return NULL;
-- 
cgit