From 3fd98f7959d27d99fa3614307578d4337973c35e Mon Sep 17 00:00:00 2001
From: Andrew Bartlett
Date: Wed, 24 Jul 2013 10:19:26 +1200
Subject: [PATCH 1/2] s4-lib/socket: Allocate a the larger sockaddr_un and not just a sockaddr_in in unixdom_get_peer_addr()
This caused crashes in _tsocket_address_bsd_from_sockaddr() when we read past the end of the allocation.
Andrew Bartlett
Signed-off-by: Andrew Bartlett
Reviewed-by: Jeremy Allison
(cherry picked from commit e9ae36e9683372b86f1efbd29904722a33fea083)
---
 source4/lib/socket/socket_unix.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/source4/lib/socket/socket_unix.c b/source4/lib/socket/socket_unix.c
index 0774b12..3aa5440 100644
--- a/source4/lib/socket/socket_unix.c
+++ b/source4/lib/socket/socket_unix.c
@@ -323,7 +323,7 @@ static char *unixdom_get_peer_name(struct socket_context *sock, TALLOC_CTX *mem_
 static struct socket_address *unixdom_get_peer_addr(struct socket_context *sock, TALLOC_CTX *mem_ctx)
 {
- struct sockaddr_in *peer_addr;
+ struct sockaddr_un *peer_addr;
 socklen_t len = sizeof(*peer_addr);
 struct socket_address *peer;
 int ret;
@@ -334,7 +334,7 @@ static struct socket_address *unixdom_get_peer_addr(struct socket_context *sock,
 }
 peer->family = sock->backend_name;
- peer_addr = talloc(peer, struct sockaddr_in);
+ peer_addr = talloc(peer, struct sockaddr_un);
 if (!peer_addr) {
 talloc_free(peer);
 return NULL;
--
1.7.9.5
From f7b0e0e32eb32b3fcb10b8d9c9a41c5d0fa3362a Mon Sep 17 00:00:00 2001
From: Stefan Metzmacher
Date: Wed, 24 Jul 2013 10:19:26 +1200
Subject: [PATCH 2/2] s4-lib/socket: Allocate a the larger sockaddr_un and not just a sockaddr_in in unixdom_get_my_addr()
This caused crashes in _tsocket_address_bsd_from_sockaddr() when we read past the end of the allocation.
(similar to commit e9ae36e9683372b86f1efbd29904722a33fea083)
Bug: https://bugzilla.samba.org/show_bug.cgi?id=10042
Signed-off-by: Stefan Metzmacher
Reviewed-by: Andrew Bartlett
Autobuild-User(master): Andrew Bartlett
Autobuild-Date(master): Wed Jul 24 14:37:43 CEST 2013 on sn-devel-104
(cherry picked from commit 077dfd0a89a854c21b91b0f871d034fd9fe82a9a)
---
 source4/lib/socket/socket_unix.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/source4/lib/socket/socket_unix.c b/source4/lib/socket/socket_unix.c
index 3aa5440..6876e39 100644
--- a/source4/lib/socket/socket_unix.c
+++ b/source4/lib/socket/socket_unix.c
@@ -362,7 +362,7 @@ static struct socket_address *unixdom_get_peer_addr(struct socket_context *sock,
 static struct socket_address *unixdom_get_my_addr(struct socket_context *sock, TALLOC_CTX *mem_ctx)
 {
- struct sockaddr_in *local_addr;
+ struct sockaddr_un *local_addr;
 socklen_t len = sizeof(*local_addr);
 struct socket_address *local;
 int ret;
@@ -373,7 +373,7 @@ static struct socket_address *unixdom_get_my_addr(struct socket_context *sock, T
 }
 local->family = sock->backend_name;
- local_addr = talloc(local, struct sockaddr_in);
+ local_addr = talloc(local, struct sockaddr_un);
 if (!local_addr) {
 talloc_free(local);
 return NULL;
--
1.7.9.5
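Review bot: Nothing at the `struct sockaddr_un *local_addr;` declaration in unixdom_get_my_addr() (hunk @@ -362) records why the buffer has to be a sockaddr_un, and the same wrong type had to be corrected separately in unixdom_get_peer_addr() by [PATCH 1/2]. A short comment above the declaration would keep the size requirement visible to the next editor, for example `/* AF_UNIX address: must be a full sockaddr_un, consumers read past sizeof(struct sockaddr_in) */`. The function body continues outside this hunk, so the wording should be checked against the call that actually fills the buffer.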
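Review bot: `talloc()` returns uninitialised memory, so in hunk @@ -373 `local_addr = talloc(local, struct sockaddr_un);` leaves sun_path holding stale heap bytes whenever the kernel fills in less than the whole structure. The commit message says _tsocket_address_bsd_from_sockaddr() already read past the old, smaller allocation, so a consumer that walks sun_path could presumably see unterminated or leftover data; `local_addr = talloc_zero(local, struct sockaddr_un);` would guarantee a NUL-terminated path. The same applies to `peer_addr = talloc(peer, struct sockaddr_un);` in [PATCH 1/2], hunk @@ -334. The call that fills the buffer and the use of `len` afterwards are outside both hunks, so it is worth confirming that the returned length, not the allocation size, is what gets stored on the socket_address.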