Bug 19445

Summary: malformed socket name
Product: dbus
Reporter: Grzegorz Dąbrowski <gdx>
Component: core
Assignee: Havoc Pennington <hp>
Status: RESOLVED NOTOURBUG
QA Contact: John (J5) Palmieri <johnp>
Severity: normal
Priority: medium
CC: chengwei.yang.cn
Version: 1.2.x
Hardware: Other
OS: other

Description Grzegorz Dąbrowski 2009-01-07 10:10:14 UTC
On HaikuOS, dbus creates a malformed socket name due to a too-small buffer length in the bind() call. In my opinion it should be:

if (bind (listen_fd, (struct sockaddr*) &addr, _DBUS_STRUCT_OFFSET (struct sockaddr_un, sun_path) + path_len + 1) < 0)

instead of:

if (bind (listen_fd, (struct sockaddr*) &addr, _DBUS_STRUCT_OFFSET (struct sockaddr_un, sun_path) + path_len) < 0)

in the dbus-1.2.10/dbus/dbus-sysdeps-unix.c file.

Comment 1 Havoc Pennington 2009-01-07 22:39:38 UTC
According to the dbus spec, "When a socket is opened by the D-Bus library it truncates the path name right before the first trailing nul byte. This is true for both normal paths and abstract paths."

From GNU libc headers:
/* Evaluate to actual length of the `sockaddr_un' structure.  */
# define SUN_LEN(ptr) ((size_t) (((struct sockaddr_un *) 0)->sun_path)	      \
		      + strlen ((ptr)->sun_path))

With abstract sockets, the socket address is allowed to contain nul bytes, so things would actually break if the nul is included in the length.

With normal unix domain sockets, including an extra nul byte in the length is probably harmless, but it is not required by bind() on any other platform. I don't think HaikuOS is implementing this correctly.
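
Added example, not part of the bug report or the D-Bus source: a small C program showing how the length passed to bind() decides the name of an abstract socket, which is the case Comment 1 says would break with the proposed "+ 1". It assumes Linux (abstract sockets are Linux-specific); the function name bound_name_len and the socket name are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>

/* Hypothetical helper: bind an abstract socket whose sun_path holds `name`
 * (name[0] == '\0'), passing either offsetof(sun_path) + name_len or that
 * value + 1, and return how many name bytes the kernel recorded (-1 on error). */
int bound_name_len(const char *name, size_t name_len, int extra_nul)
{
    struct sockaddr_un addr, got;
    socklen_t len, got_len = sizeof(got);
    int fd, result = -1;

    if (name_len + 1 > sizeof(addr.sun_path))
        return -1;
    memset(&addr, 0, sizeof(addr));
    addr.sun_family = AF_UNIX;
    memcpy(addr.sun_path, name, name_len);
    len = (socklen_t)(offsetof(struct sockaddr_un, sun_path) + name_len
                      + (extra_nul ? 1 : 0));

    fd = socket(AF_UNIX, SOCK_STREAM, 0);
    if (fd < 0)
        return -1;
    /* For abstract addresses every byte covered by `len` is part of the name. */
    if (bind(fd, (struct sockaddr *)&addr, len) == 0 &&
        getsockname(fd, (struct sockaddr *)&got, &got_len) == 0)
        result = (int)(got_len - offsetof(struct sockaddr_un, sun_path));
    close(fd);
    return result;
}

int main(void)
{
    char name[64];
    /* Constructed name; the leading NUL selects the abstract namespace. */
    int n = 1 + snprintf(name + 1, sizeof(name) - 1, "bug19445-%d", (int)getpid());
    name[0] = '\0';
    printf("path_len=%d  without +1: %d  with +1: %d\n", n,
           bound_name_len(name, (size_t)n, 0), bound_name_len(name, (size_t)n, 1));
    return 0;
}
```

With the extra byte the listener is bound to a name one nul longer than the one a peer computes from the same path, so a connect() using the shorter length does not find it.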
