[issue8882] socketmodule.c`getsockaddrarg() should not check the length of sun_path

Edward Pilatowicz report at bugs.python.org
Thu Jun 3 03:27:50 CEST 2010 

New submission from Edward Pilatowicz <edward.pilatowicz at oracle.com>:

recently i was writing some python code that attempted to bind a unix
domain socket to a long filesystem path.  this code was failing and
telling me that the path name was too long.  tracing python i saw that
it wasn't event issuing a system call for my bind() request.  eventually
i tracked down the problem to socketmodule.c`getsockaddrarg():

http://svn.python.org/view/python/trunk/Modules/socketmodule.c?view=markup

there we see that getsockaddrarg() checks to verify that the specified
path is less than "sizeof addr->sun_path", where addr is a struct
sockaddr_un.  this seems incorrect to me.

on most systems sockaddr_un.sun_path is defined as a small character
array.  this limit is an ancient bit of unix legacy and most modern
systems do not actually limit domain socket names to a path as short as
sun_path.  on solaris the real limit is MAXPATHLEN, there by allowing
unix domain sockets to be bound to any filesystem path.

the posix specification also says that users of the sockaddr_un 
structure should not make any assumptions about the maximum supported
length of sun_path.

from:
    http://www.opengroup.org/onlinepubs/009695399/basedefs/sys/un.h.html

we have:
    char        sun_path[]    socket pathname
    ...

    The size of sun_path has intentionally been left undefined. This is
    because different implementations use different sizes. For example,
    4.3 BSD uses a size of 108, and 4.4 BSD uses a size of 104. Since
    most implementations originate from BSD versions, the size is
    typically in the range 92 to 108.

    Applications should not assume a particular length for sun_path or
    assume that it can hold {_POSIX_PATH_MAX} characters (255).

hence, it seems to me that python should not actually be doing any size
checks on the path passed to getsockaddrarg().  instead is should
dynamically allocate a sockaddr_un large enough to hold whatever string
was pass in.  this structure can then be passed on to system calls which
can they check if the specified path is of a supported length.  (if you
look at the posix definitions for bind() and connect() you'll see that 
they both can return ENAMETOOLONG if the passed in pathname is too 
large.)

----------
components: None
messages: 106929
nosy: Edward.Pilatowicz
priority: normal
severity: normal
status: open
title: socketmodule.c`getsockaddrarg() should not check the length of sun_path
type: behavior
versions: Python 2.6

_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue8882>
_______________________________________

More information about the Python-bugs-list mailing list