mlarkin asks "bgpctl checks the length of the control socket path to

make sure it fits. When browsing around last night I saw that bgpd
does not. Any reason it shouldn't? Please commit"

Add a check in parse.y to check this when reading the configuration.
ok phessler@ henning@

2 files changed, 14 insertions, 3 deletions

diff --git a/usr.sbin/bgpd/control.c b/usr.sbin/bgpd/control.c
index 345b35c4685..ca405ba4292 100644
--- a/usr.sbin/bgpd/control.c
+++ b/usr.sbin/bgpd/control.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: control.c,v 1.76 2015/02/09 11:37:31 claudio Exp $ */
+/*	$OpenBSD: control.c,v 1.77 2015/04/26 20:12:03 benno Exp $ */
 
 /*
  * Copyright (c) 2003, 2004 Henning Brauer <henning@openbsd.org>
@@ -50,7 +50,12 @@ control_init(int restricted, char *path)
 
 	bzero(&sun, sizeof(sun));
 	sun.sun_family = AF_UNIX;
-	strlcpy(sun.sun_path, path, sizeof(sun.sun_path));
+	if (strlcpy(sun.sun_path, path, sizeof(sun.sun_path)) >=
+	    sizeof(sun.sun_path)) {
+		log_warn("control_init: socket name too long");
+		close(fd);
+		return (-1);
+	}
 
 	if (unlink(path) == -1)
 		if (errno != ENOENT) {
diff --git a/usr.sbin/bgpd/parse.y b/usr.sbin/bgpd/parse.y
index d50b5001822..a34d87b9fbd 100644
--- a/usr.sbin/bgpd/parse.y
+++ b/usr.sbin/bgpd/parse.y
@@ -1,4 +1,4 @@
-/*	$OpenBSD: parse.y,v 1.279 2015/04/25 15:28:18 phessler Exp $ */
+/*	$OpenBSD: parse.y,v 1.280 2015/04/26 20:12:03 benno Exp $ */
 
 /*
  * Copyright (c) 2002, 2003, 2004 Henning Brauer <henning@openbsd.org>
@@ -23,6 +23,7 @@
 #include <sys/types.h>
 #include <sys/socket.h>
 #include <sys/stat.h>
+#include <sys/un.h>
 #include <netinet/in.h>
 #include <arpa/inet.h>
 #include <netmpls/mpls.h>
@@ -578,6 +579,11 @@ conf_main	: AS as4number		{
 			conf->connectretry = $2;
 		}
 		| SOCKET STRING	restricted {
+			if (strlen($2) >=
+			    sizeof(((struct sockaddr_un *)0)->sun_path)) {
+				yyerror("socket path too long");
+				YYERROR;
+			}
 			if ($3) {
 				free(conf->rcsock);
 				conf->rcsock = $2;