- Fixed stack buffer overflow in socket_connect().

  Found by: Mateusz Kocielski, Marek Kroemeke and Filip Palian

diff --git a/ext/sockets/sockets.c b/ext/sockets/sockets.c
index 0c6f292f3873948277a570c201dbec469de50b08..1651ca9db4982afa04fcac74844fb0a94b454808 100644 (file)
--- a/ext/sockets/sockets.c
+++ b/ext/sockets/sockets.c
@@ -1540,6 +1540,11 @@ PHP_FUNCTION(socket_connect)
                        break;
 
                case AF_UNIX:
+                       if (addr_len >= sizeof(s_un.sun_path)) {
+                               php_error_docref(NULL TSRMLS_CC, E_WARNING, "Path too long", php_sock->type);
+                               RETURN_FALSE;
+                       }
+                               
                        memset(&s_un, 0, sizeof(struct sockaddr_un));
 
                        s_un.sun_family = AF_UNIX;