diff --git a/Misc/NEWS.d/next/Library/2021-07-26-10-46-49.bpo-44493.xp3CRH.rst b/Misc/NEWS.d/next/Library/2021-07-26-10-46-49.bpo-44493.xp3CRH.rst new file mode 100644 index 00000000000000..390a7222bbf55f --- /dev/null +++ b/Misc/NEWS.d/next/Library/2021-07-26-10-46-49.bpo-44493.xp3CRH.rst @@ -0,0 +1,3 @@ +Add missing terminated NUL in sockaddr_un's length + +This was potentially observable when using non-abstract AF_UNIX datagram sockets to processes written in another programming language. diff --git a/Modules/socketmodule.c b/Modules/socketmodule.c index ab8618b3415447..392cc32f7fa2f6 100644 --- a/Modules/socketmodule.c +++ b/Modules/socketmodule.c @@ -1680,6 +1680,8 @@ getsockaddrarg(PySocketSockObject *s, PyObject *args, "AF_UNIX path too long"); goto unix_out; } + + *len_ret = path.len + offsetof(struct sockaddr_un, sun_path); } else #endif /* linux */ @@ -1691,10 +1693,13 @@ getsockaddrarg(PySocketSockObject *s, PyObject *args, goto unix_out; } addr->sun_path[path.len] = 0; + + /* including the tailing NUL */ + *len_ret = path.len + offsetof(struct sockaddr_un, sun_path) + 1; } addr->sun_family = s->sock_family; memcpy(addr->sun_path, path.buf, path.len); - *len_ret = path.len + offsetof(struct sockaddr_un, sun_path); + retval = 1; unix_out: PyBuffer_Release(&path);