From fbce12cf94cdb119a10f690fae8441a81b0dab12 Mon Sep 17 00:00:00 2001
From: Andreas Schneider <asn@samba.org>
Date: Wed, 11 Aug 2021 12:07:57 +0200
Subject: [PATCH] s3:winbind: Do not start if the priviliged socket path is too
 long

https://bugzilla.samba.org/show_bug.cgi?id=14792

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 45f6bf1824f229dd138280eed1fff61a1e291897)
---
 source3/winbindd/winbindd.c | 28 ++++++++++++++++++++++++++++
 1 file changed, 28 insertions(+)

diff --git a/source3/winbindd/winbindd.c b/source3/winbindd/winbindd.c
index 9b148b18a58..cb793cf182c 100644
--- a/source3/winbindd/winbindd.c
+++ b/source3/winbindd/winbindd.c
@@ -1659,6 +1659,8 @@ int main(int argc, const char **argv)
 	const struct dcesrv_endpoint_server *ep_server = NULL;
 	struct dcesrv_context *dce_ctx = NULL;
 	size_t winbindd_socket_dir_len = 0;
+	char *winbindd_priv_socket_dir = NULL;
+	size_t winbindd_priv_socket_dir_len = 0;
 
 	setproctitle_init(argc, discard_const(argv), environ);
 
@@ -1835,6 +1837,32 @@ int main(int argc, const char **argv)
 		exit(1);
 	}
 
+	winbindd_priv_socket_dir = get_winbind_priv_pipe_dir();
+	winbindd_priv_socket_dir_len = strlen(winbindd_priv_socket_dir);
+	if (winbindd_priv_socket_dir_len > 0) {
+		size_t winbindd_priv_socket_len =
+			winbindd_priv_socket_dir_len + 1 +
+			strlen(WINBINDD_SOCKET_NAME);
+		struct sockaddr_un un = {
+			.sun_family = AF_UNIX,
+		};
+		size_t sun_path_len = sizeof(un.sun_path);
+
+		if (winbindd_priv_socket_len >= sun_path_len) {
+			DBG_ERR("The winbind priviliged socket path [%s/%s] is too long "
+				"(%zu >= %zu)\n",
+				winbindd_priv_socket_dir,
+				WINBINDD_SOCKET_NAME,
+				winbindd_priv_socket_len,
+				sun_path_len);
+			exit(1);
+		}
+	} else {
+		DBG_ERR("'winbindd_priv_socket_directory' parameter is empty\n");
+		exit(1);
+	}
+	TALLOC_FREE(winbindd_priv_socket_dir);
+
 	if (!cluster_probe_ok()) {
 		exit(1);
 	}
-- 
2.32.0