Skip to content

Unbounded strcpy into sockaddr_un.sun_path in bsd_create_listen_socket_unix / bsd_create_connect_socket_unix (stack buffer overflow) #252

Description

@eskilmo
  • Vulnerability Type: Buffer Overflow / Unsafe String Copy
  • Location:
    • external/uWebSockets/uSockets/bsd.c:570
    • external/uWebSockets/uSockets/bsd.c:755
  • Code:
    • Line 570: strcpy(server_address.sun_path, path);
    • Line 755: strcpy(server_address.sun_path, server_path);
  • Explanation:
    • The strcpy() function is used to copy a string into a fixed-size buffer (sun_path member of sockaddr_un structure, which is typically 108 bytes). If the input path or server_path exceeds this buffer size, it will overflow the stack, potentially allowing arbitrary code execution. This is a classic memory safety vulnerability.

Metadata

Metadata

Assignees

No one assigned

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions