From 56382bd5770decbf7ede46e5030e8e348b27009d Mon Sep 17 00:00:00 2001 From: "Daniel P. Berrange" Date: Mon, 26 Jun 2017 11:37:56 +0100 Subject: [PATCH] sockets: avoid formatting buffer that may not be NUL terminated The 'sun_path' field in the sockaddr_un struct is not required to be NUL termianted, so when reporting an error, we must use the separate 'path' variable which is guaranteed terminated. Fixes a bug spotted by coverity that was introduced in commit ad9579aaa16d5b385922d49edac2c96c79bcfb62 Author: Daniel P. Berrange Date: Thu May 25 16:53:00 2017 +0100 sockets: improve error reporting if UNIX socket path is too long Reviewed-by: Thomas Huth Signed-off-by: Daniel P. Berrange Message-Id: <20170626103756.22974-1-berrange@redhat.com> Signed-off-by: Paolo Bonzini --- util/qemu-sockets.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/util/qemu-sockets.c b/util/qemu-sockets.c index 82290cb687..d3e51089de 100644 --- a/util/qemu-sockets.c +++ b/util/qemu-sockets.c @@ -897,7 +897,7 @@ static int unix_listen_saddr(UnixSocketAddress *saddr, strncpy(un.sun_path, path, sizeof(un.sun_path)); if (bind(sock, (struct sockaddr*) &un, sizeof(un)) < 0) { - error_setg_errno(errp, errno, "Failed to bind socket to %s", un.sun_path); + error_setg_errno(errp, errno, "Failed to bind socket to %s", path); goto err; } if (listen(sock, 1) < 0) {