From 6d2d0bbda7a406000ccb8a2dff86ddfe1ce467d5 Mon Sep 17 00:00:00 2001 From: Sara Golemon Date: Sun, 28 May 2017 08:20:21 -0700 Subject: [PATCH] Fix abstract name handling to be binary safe Per unix(7): abstract: an abstract socket address is distinguished (from a pathname socket) by the fact that sun_path[0] is a null byte ('\0'). The socket's address in this namespace is given by the additional bytes in sun_path that are covered by the specified length of the address structure. (Null bytes in the name have no special significance.) The name has no connection with filesystem pathnames. When the address of an abstract socket is returned, the returned addrlen is greater than sizeof(sa_family_t) (i.e., greater than 2), and the name of the socket is contained in the first (addrlen - sizeof(sa_family_t)) bytes of sun_path. The existing implementation was assuming significance in null bytes contained in the abstract address identifier. --- main/network.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/main/network.c b/main/network.c index 076608c37f..6b04a0701f 100644 --- a/main/network.c +++ b/main/network.c @@ -656,7 +656,7 @@ PHPAPI void php_network_populate_name_from_sockaddr( if (ua->sun_path[0] == '\0') { /* abstract name */ - int len = strlen(ua->sun_path + 1) + 1; + int len = sl - sizeof(sa_family_t); *textaddr = zend_string_init((char*)ua->sun_path, len, 0); } else { int len = strlen(ua->sun_path); -- 2.40.0
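Review bot: the new length in the abstract-name branch, `int len = sl - sizeof(sa_family_t);`, is used without any bound check in the visible lines. Because `sizeof` yields a `size_t`, the subtraction is carried out unsigned, so an `sl` that is not greater than `sizeof(sa_family_t)` gives zero or wraps to a very large value before it is narrowed to `int` and passed to `zend_string_init` as the number of bytes to copy from `ua->sun_path`. The same applies at the other end: nothing here caps `len` at `sizeof(ua->sun_path)`. I would check that `sl` is greater than `sizeof(sa_family_t)` before `ua->sun_path[0]` is read at all, clamp `len` to `sizeof(ua->sun_path)`, and consider `offsetof(struct sockaddr_un, sun_path)` in place of `sizeof(sa_family_t)` so the arithmetic does not depend on the structure having no padding before `sun_path`. A short comment on that line pointing to unix(7) would also help, since the reason `strlen` is wrong here is only explained in the commit message.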