Bug#645469: bind() fails for AF_UNIX sockets with EINVAL
Robert Millan wrote:
> http://security.freebsd.org/patches/SA-11:05/unix.patch
Thanks for the pointer.
Here's "struct sockaddr_un" in eglibc (socket/sys/un.h, after a little
typedef-chasing):
    unsigned char sun_len;
    unsigned char sun_family;
    char sun_path[108]; /* Path name. */
And here it is in the kernel:
    unsigned char sun_len;
    unsigned char sun_family;
    char sun_path[104]; /* Path name. */
I wonder whether there would be any downside to changing that 104 in
the kernel to 108. That is, which interfaces exposing the kernel's
"struct sockaddr_un" to userspace should we be paying attention to?
Separately from that, it would be helpful to know where the buffer
overflowed in #645377 is, since maybe it could be made bigger without
changing the layout of struct sockaddr_un.
Sleepily,
Jonathan
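
Added example, not part of the original message and not eglibc or kernel code: the two layouts quoted above side by side, with a small model of how a length check against the kernel's structure treats the lengths a userspace caller might pass. The struct names, the helper functions and the form of the check itself are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Layouts quoted in the message: eglibc (108) and kernel (104). */
struct sockaddr_un_libc { unsigned char sun_len, sun_family; char sun_path[108]; };
struct sockaddr_un_kern { unsigned char sun_len, sun_family; char sun_path[104]; };

/* Assumed model of a kernel-side bound check: any address longer than
 * the kernel's own structure is rejected. Returns 0 or EINVAL. */
int model_kernel_len_check(size_t addrlen)
{
    return addrlen > sizeof(struct sockaddr_un_kern) ? EINVAL : 0;
}

/* Caller idiom 1: pass the size of the whole userspace structure. */
size_t caller_len_sizeof(void)
{
    return sizeof(struct sockaddr_un_libc);
}

/* Caller idiom 2: header bytes plus the path in use, NUL included. */
size_t caller_len_exact(const char *path)
{
    return offsetof(struct sockaddr_un_libc, sun_path) + strlen(path) + 1;
}

/* Longest path (excluding the NUL) that fits both layouts. */
size_t max_portable_path(void)
{
    return sizeof(((struct sockaddr_un_kern *)0)->sun_path) - 1;
}

int main(void)
{
    const char *path = "/tmp/sock";   /* constructed sample path */
    printf("libc struct %zu bytes, kernel struct %zu bytes\n",
           sizeof(struct sockaddr_un_libc), sizeof(struct sockaddr_un_kern));
    printf("sizeof idiom: len %zu -> %d\n", caller_len_sizeof(),
           model_kernel_len_check(caller_len_sizeof()));
    printf("exact idiom:  len %zu -> %d\n", caller_len_exact(path),
           model_kernel_len_check(caller_len_exact(path)));
    printf("longest path safe in both layouts: %zu\n", max_portable_path());
    return 0;
}
```

Under this model a caller that passes the full size of the 108-byte layout is rejected even for a short path, while a caller that passes only the bytes in use is accepted.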