
PATCH 1/3: socket: fix some issues with socket name



If the passed name was too long, it was silently truncated. If it was
exactly the maximum length, the string was not NUL-terminated.

% zsocket -l aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
==421== Syscall param socketcall.bind(my_addr.sun_path) points to uninitialised byte(s)
==421==    at 0x4DD77D7: bind (in /lib64/libc-2.32.so)
==421==    by 0x61FB31A: bin_zsocket (in /usr/local/lib64/zsh/5.9.0.3-test-mika/zsh/net/socket.so)
==421==    by 0x4217BF: execbuiltin (in /usr/local/bin/zsh)
==421==    by 0x433751: execcmd_exec (in /usr/local/bin/zsh)
==421==    by 0x433D2B: execpline2 (in /usr/local/bin/zsh)
==421==    by 0x434084: execpline (in /usr/local/bin/zsh)
==421==    by 0x4359F8: execlist (in /usr/local/bin/zsh)
==421==    by 0x4362A1: execode (in /usr/local/bin/zsh)
==421==    by 0x44F7A1: loop (in /usr/local/bin/zsh)
==421==    by 0x450AAD: zsh_main (in /usr/local/bin/zsh)
==421==    by 0x4D01E69: (below main) (in /lib64/libc-2.32.so)
==421==  Address 0x1ffeffd7ad is on thread 1's stack
==421==  in frame #1, created by bin_zsocket (???:)
---
 Src/Modules/socket.c | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/Src/Modules/socket.c b/Src/Modules/socket.c
index c65b7dfce4..4f2a6ecbfa 100644
--- a/Src/Modules/socket.c
+++ b/Src/Modules/socket.c
@@ -58,7 +58,7 @@ bin_zsocket(char *nam, char **args, Options ops, UNUSED(int func))
 {
     int err=1, verbose=0, test=0, targetfd=0;
     ZSOCKLEN_T len;
-    struct sockaddr_un soun;
+    struct sockaddr_un soun = { 0 };
     int sfd;
 
     if (OPT_ISSET(ops,'v'))
@@ -90,6 +90,10 @@ bin_zsocket(char *nam, char **args, Options ops, UNUSED(int func))
 	}
 
 	localfn = args[0];
+	if (strlen(localfn) >= sizeof(soun.sun_path)) {
+	    zwarnnam(nam, "socket path too long: %d > %d", strlen(localfn), sizeof(soun.sun_path) -1 );
+	    return 1;
+	}
 
 	sfd = socket(PF_UNIX, SOCK_STREAM, 0);
 
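Review bot: The added `zwarnnam` call passes `strlen(localfn)` and `sizeof(soun.sun_path) - 1`, both `size_t`, to `%d` conversions; if zwarnnam's `%d` reads an `int` from the varargs as printf's does, that is a type mismatch on LP64 platforms and the warning may print wrong numbers. Casting both arguments avoids it: `zwarnnam(nam, "socket path too long: %d > %d", (int)strlen(localfn), (int)sizeof(soun.sun_path) - 1);`. The same call in the third hunk (the `strlen(args[0])` check) needs the same cast. The length check is repeated verbatim in both places and could live in one small static helper so the two branches cannot drift apart. bin_zsocket's body starts and ends outside the hunk, so the copy into `sun_path` that this check protects is not visible here.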
@@ -232,6 +236,11 @@ bin_zsocket(char *nam, char **args, Options ops, UNUSED(int func))
 	    return 1;
 	}
 
+	if (strlen(args[0]) >= sizeof(soun.sun_path)) {
+	    zwarnnam(nam, "socket path too long: %d > %d", strlen(args[0]), sizeof(soun.sun_path) -1 );
+	    return 1;
+	}
+
 	sfd = socket(PF_UNIX, SOCK_STREAM, 0);
 
 	if (sfd == -1) {
-- 
2.38.1




