Bug 19445 - malformed socket name
Summary: malformed socket name
Status: RESOLVED NOTOURBUG
Alias: None
Product: dbus
Classification: Unclassified
Component: core
Version: 1.2.x
Hardware: Other other
Importance: medium normal
Assignee: Havoc Pennington
QA Contact: John (J5) Palmieri
Reported: 2009-01-07 10:10 UTC by Grzegorz Dąbrowski
Modified: 2013-09-27 05:43 UTC

Description Grzegorz Dąbrowski 2009-01-07 10:10:14 UTC
On HaikuOS dbus creates a malformed socket name due to too small a buffer length in the bind() call. In my opinion it should be:

if (bind (listen_fd, (struct sockaddr*) &addr, _DBUS_STRUCT_OFFSET (struct sockaddr_un, sun_path) + path_len + 1) < 0)

instead of:

if (bind (listen_fd, (struct sockaddr*) &addr, _DBUS_STRUCT_OFFSET (struct sockaddr_un, sun_path) + path_len) < 0)

in dbus-1.2.10/dbus/dbus-sysdeps-unix.c file.
Comment 1 Havoc Pennington 2009-01-07 22:39:38 UTC
According to the dbus spec, "When a socket is opened by the D-Bus library it truncates the path name right before the first trailing nul byte. This is true for both normal paths and abstract paths."

From GNU libc headers:
/* Evaluate to actual length of the `sockaddr_un' structure.  */
# define SUN_LEN(ptr) ((size_t) (((struct sockaddr_un *) 0)->sun_path)	      \
		      + strlen ((ptr)->sun_path))

With abstract sockets, the socket address is allowed to contain nul bytes, so things would actually break if the nul is included in the length.

With normal unix domain sockets, including an extra nul byte in the length is probably harmless, but it is not required by bind() on any other platform. I don't think HaikuOS is implementing this correctly.
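The length rule discussed in this thread, as an added example that is not part of the bug report or of the dbus source: it computes the bind() length as the offset of sun_path plus the name length, then binds a Linux abstract socket with and without one extra byte counted and reads back what the kernel recorded. The helper names fill_addr and abstract_name_bytes and the sample socket name are constructed for illustration, and the abstract namespace is assumed to be available (Linux).

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>

/* Hypothetical helper: build an AF_UNIX address from name_len bytes of name
 * and return the length to pass to bind(), with no trailing NUL counted.
 * abstract != 0 puts the name after a leading NUL in sun_path (Linux
 * abstract namespace). Returns 0 if the name is empty or does not fit. */
static socklen_t fill_addr(struct sockaddr_un *addr, const char *name,
                           size_t name_len, int abstract)
{
    size_t skip = abstract ? 1 : 0;
    if (name_len == 0 || skip + name_len >= sizeof(addr->sun_path))
        return 0;
    memset(addr, 0, sizeof(*addr));
    addr->sun_family = AF_UNIX;
    memcpy(addr->sun_path + skip, name, name_len);
    return (socklen_t)(offsetof(struct sockaddr_un, sun_path) + skip + name_len);
}

/* Hypothetical helper: bind an abstract socket, counting `extra` more bytes
 * in the length, and return how many name bytes the kernel recorded
 * according to getsockname(), or -1 if any socket call fails. */
static int abstract_name_bytes(const char *name, socklen_t extra)
{
    struct sockaddr_un addr, bound;
    socklen_t blen = sizeof(bound);
    socklen_t len = fill_addr(&addr, name, strlen(name), 1);
    int got = -1, fd;
    if (len == 0 || (fd = socket(AF_UNIX, SOCK_STREAM, 0)) < 0)
        return -1;
    if (bind(fd, (struct sockaddr *)&addr, len + extra) == 0 &&
        getsockname(fd, (struct sockaddr *)&bound, &blen) == 0)
        got = (int)(blen - offsetof(struct sockaddr_un, sun_path) - 1);
    close(fd);
    return got;
}

int main(void)
{
    const char *name = "gr-example-19445"; /* constructed sample name */
    printf("length without NUL: %d name bytes\n", abstract_name_bytes(name, 0));
    printf("length with NUL:    %d name bytes\n", abstract_name_bytes(name, 1));
    return 0;
}
```

On Linux the second bind records one more name byte than the first, so a peer that connects using the shorter length addresses a different abstract socket.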