Merge "services/agent/internal/server: check for socket file path length test/modules/shell: shorten the path to the dir holding agent sockets"

commit: 3544ddde20df26ceb3efc1487a2524ae4316ea0c [log] [tgz]
author: Bogdan Caprita <caprita@google.com> Mon Sep 14 22:07:44 2015 +0000
committer: Gerrit Code Review <noreply-gerritcodereview@google.com> Mon Sep 14 22:07:44 2015 +0000
tree: 86106f1773ba7eb400ae495e1c4cf09275fd56ff
parent: 8fb630ac784568d0b709cab230a346cc33a0f01b [diff]
parent: 44c7f988191b9461b9ececffa746b45785a3c6fa [diff]
diff --git a/services/agent/internal/server/server.go b/services/agent/internal/server/server.go
index a9ccc5c..cce84a9 100644
--- a/services/agent/internal/server/server.go
+++ b/services/agent/internal/server/server.go

@@ -339,6 +339,9 @@
 }
 
 func (m *keymgr) ServePrincipal(handle [agent.PrincipalHandleByteSize]byte, path string) error {
+	if maxLen := GetMaxSockPathLen(); len(path) > maxLen {
+		return fmt.Errorf("socket path (%s) exceeds maximum allowed socket path length (%d)", path, maxLen)
+	}
 	if _, err := m.readKey(handle); err != nil {
 		return err
 	}

diff --git a/services/agent/internal/server/sock_len.go b/services/agent/internal/server/sock_len.go
new file mode 100644
index 0000000..7706d58
--- /dev/null
+++ b/services/agent/internal/server/sock_len.go

@@ -0,0 +1,9 @@
+package server
+
+// #include <sys/un.h>
+import "C"
+
+func GetMaxSockPathLen() int {
+	var t C.struct_sockaddr_un
+	return len(t.sun_path)
+}

diff --git a/services/agent/internal/server/sock_len_darwin_test.go b/services/agent/internal/server/sock_len_darwin_test.go
new file mode 100644
index 0000000..ca8fc74
--- /dev/null
+++ b/services/agent/internal/server/sock_len_darwin_test.go

@@ -0,0 +1,11 @@
+package server
+
+import (
+	"testing"
+)
+
+func TestMaxSockPathLen(t *testing.T) {
+	if length := GetMaxSockPathLen(); length != 104 {
+		t.Errorf("Expected max socket path length to be 104 on darwin, got %d instead", length)
+	}
+}

diff --git a/services/agent/internal/server/sock_len_linux_test.go b/services/agent/internal/server/sock_len_linux_test.go
new file mode 100644
index 0000000..e592f12
--- /dev/null
+++ b/services/agent/internal/server/sock_len_linux_test.go

@@ -0,0 +1,11 @@
+package server
+
+import (
+	"testing"
+)
+
+func TestMaxSockPathLen(t *testing.T) {
+	if length := GetMaxSockPathLen(); length != 108 {
+		t.Errorf("Expected max socket path length to be 108 on linux, got %d instead", length)
+	}
+}

diff --git a/test/modules/shell.go b/test/modules/shell.go
index 4b3400e..c4dae02 100644
--- a/test/modules/shell.go
+++ b/test/modules/shell.go

@@ -229,7 +229,7 @@
 	sh.ctx = ctx
 	sh.logger = ctx
 
-	if sh.tempCredDir, err = ioutil.TempDir("", "shell_credentials-"); err != nil {
+	if sh.tempCredDir, err = ioutil.TempDir("", "sh_creds"); err != nil {
 		return nil, err
 	}
 	if sh.agent, err = keymgr.NewLocalAgent(sh.tempCredDir, nil); err != nil {
@@ -282,7 +282,7 @@
 	return fd, nil
 }
 
-// NewCustomCredentials creates a new Principal for StartWithOpts..
+// NewCustomCredentials creates a new Principal for StartWithOpts.
 // Returns nil if the shell is not managing principals.
 func (sh *Shell) NewCustomCredentials() (cred *CustomCredentials, err error) {
 	// Create child principal.
@@ -293,7 +293,7 @@
 	if err != nil {
 		return nil, err
 	}
-	dir, err := ioutil.TempDir(sh.tempCredDir, "agent")
+	dir, err := ioutil.TempDir(sh.tempCredDir, "a")
 	if err != nil {
 		return nil, err
 	}
commit	3544ddde20df26ceb3efc1487a2524ae4316ea0c	[log] [tgz]
author	Bogdan Caprita <caprita@google.com>	Mon Sep 14 22:07:44 2015 +0000
committer	Gerrit Code Review <noreply-gerritcodereview@google.com>	Mon Sep 14 22:07:44 2015 +0000
tree	86106f1773ba7eb400ae495e1c4cf09275fd56ff
parent	8fb630ac784568d0b709cab230a346cc33a0f01b [diff]
parent	44c7f988191b9461b9ececffa746b45785a3c6fa [diff]