[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#645469: bind fails for AF_UNIX sockets with EINVAL

More importantly, there is the question you raised of whether this
should be done in userspace by libc instead.  That would avoid
upstream having to wonder, "why should we care what happens when
someone using a BSD4.3-style bind() calls our BSD4.4-style kernel"?
So it's tempting.

For now I propose to silently shorten too long size in kernel.
I.e instead of

  if (soun->sun_len > sizeof(struct sockaddr_un))
                return (EINVAL);


   if (soun->sun_len > sizeof(struct sockaddr_un))
       if (soun->sun_len > (4 + sizeof(struct sockaddr_un)))
                return (EINVAL);
          soun->sun_len = sizeof(struct sockaddr_un);

This would allow all usual situation to be handled without problem.

Even upstream have problem with added check in linux emulation, see

In long term, we could clip the size in libc, but for stable security upload we should just silently clip the passed size.


Reply to: