return -EINVAL;
if (!sunaddr || sunaddr->sun_family != AF_UNIX)
return -EINVAL;
- if (sunaddr->sun_path[0]) {
+ if (sunaddr->sun_path[0])
+ {
+ /*
+ * This may look like an off by one error but it is
+ * a bit more subtle. 108 is the longest valid AF_UNIX
+ * path for a binding. sun_path[108] doesn't as such
+ * exist. However in kernel space we are guaranteed that
+ * it is a valid memory location in our kernel
+ * address buffer.
+ */
+ if (len > sizeof(*sunaddr))
+ len = sizeof(*sunaddr);
((char *)sunaddr)[len]=0;
len = strlen(sunaddr->sun_path)+1+sizeof(short);
return len;