tirpc: fix taddr2uaddr for AF_LOCAL

taddr2uaddr would return trailing garbage for AF_LOCAL addresses

taddr2uaddr assumed that the sun_path field of an AF_LOCAL address
was always NULL terminated, but that is not necessarily the case,
especially if the buffer was allocated using the correct SUN_LEN().

Signed-off-by: Olaf Kirch <okir@suse.de>
Signed-off-by: Steve Dickson <steved@redhat.com>

diff --git a/src/rpc_generic.c b/src/rpc_generic.c
index a43906c0dc5f2be964364970f1fc4315e9d9668b..764a25cc63cd3a055072fd201fadafa7ac01ca5d 100644 (file)
--- a/src/rpc_generic.c
+++ b/src/rpc_generic.c
@@ -608,6 +608,7 @@ __rpc_taddr2uaddr_af(int af, const struct netbuf *nbuf)
        struct sockaddr_in6 *sin6;
        char namebuf6[INET6_ADDRSTRLEN];
 #endif
+       int path_len;
        u_int16_t port;
 
        if (nbuf->len <= 0)
@@ -638,13 +639,12 @@ __rpc_taddr2uaddr_af(int af, const struct netbuf *nbuf)
 #endif
        case AF_LOCAL:
                sun = nbuf->buf;
-               /*      if (asprintf(&ret, "%.*s", (int)(sun->sun_len -
-                   offsetof(struct sockaddr_un, sun_path)),
-                   sun->sun_path) < 0)*/
-               if (asprintf(&ret, "%.*s", (int)(sizeof(*sun) -
-                                                offsetof(struct sockaddr_un, sun_path)),
-                            sun->sun_path) < 0)
 
+               path_len = nbuf->len - offsetof(struct sockaddr_un, sun_path);
+               if (path_len < 0)
+                       return NULL;
+
+               if (asprintf(&ret, "%.*s", path_len, sun->sun_path) < 0)
                        return (NULL);
                break;
        default: