From 79244173353d95149ad1944f61cc6bd2e43bd7d4 Mon Sep 17 00:00:00 2001
From: ellie timoney <ellie@fastmail.com>
Date: Tue, 20 Feb 2018 13:17:39 +1100
Subject: [PATCH] master: reject unix domain listen paths that are too long

Fixes #2253
---
 master/master.c | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/master/master.c b/master/master.c
index 325afd42f..a28731fd0 100644
--- a/master/master.c
+++ b/master/master.c
@@ -496,6 +496,12 @@ static void service_create(struct service *s)
                 EX_SOFTWARE);
 
     if (s->listen[0] == '/') { /* unix socket */
+        if (strlen(s->listen) >= sizeof(sunsock.sun_path)) {
+            syslog(LOG_ERR, "invalid listen '%s' (too long), disabling %s",
+                   s->listen, s->name);
+            service_forget_exec(s);
+            return;
+        }
         res0_is_local = 1;
         res0 = (struct addrinfo *)xzmalloc(sizeof(struct addrinfo));
         res0->ai_flags = AI_PASSIVE;
@@ -513,7 +519,14 @@ static void service_create(struct service *s)
         sunsock.sun_len = res0->ai_addrlen;
 #endif
         sunsock.sun_family = AF_UNIX;
-        strcpy(sunsock.sun_path, s->listen);
+
+        int r = snprintf(sunsock.sun_path, sizeof(sunsock.sun_path), "%s", s->listen);
+        if (r < 0 || (size_t) r >= sizeof(sunsock.sun_path)) {
+            /* belt and suspenders */
+            fatal("Serious software bug found: "
+                  "over-long listen path not detected earlier!",
+                  EX_SOFTWARE);
+        }
         unlink(s->listen);
     } else { /* inet socket */
         char *port;