[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#645469: bind() fails for AF_UNIX sockets with EINVAL

Robert Millan wrote:

> http://security.freebsd.org/patches/SA-11:05/unix.patch

Thanks for the pointer.

Here's "struct sockaddr_un" in eglibc (socket/sys/un.h, after a little

	unsigned char sun_len;
	unsigned char sun_family;
	char sun_path[108];	/* Path name. */

And here it is in the kernel:

	unsigned char sun_len;
	unsigned char sun_family;
	char sun_path[104];	/* Path name. */

I wonder whether there would be any downside to changing that 104 in
the kernel to 108.  That is, which interfaces exposing the kernel's
"struct sockaddr_un" to userspace should we be paying attention to?

Separately from that, it would be helpful to know where the buffer
overflowed in #645377 is, since maybe it could be made bigger without
changing the layout of struct sockaddr_un.


Reply to: