git://git.onelab.eu / linux-2.6.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
This commit was manufactured by cvs2svn to create tag
[linux-2.6.git] / net / unix / af_unix.c
diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
index c28632b..5deed5c 100644 (file)
--- a/net/unix/af_unix.c
+++ b/net/unix/af_unix.c
@@ -190,7 +190,18 @@ static int unix_mkname(struct sockaddr_un * sunaddr, int len, unsigned *hashp)
                return -EINVAL;
        if (!sunaddr || sunaddr->sun_family != AF_UNIX)
                return -EINVAL;
-       if (sunaddr->sun_path[0]) {
+       if (sunaddr->sun_path[0])
+       {
+               /*
+                *      This may look like an off by one error but it is
+                *      a bit more subtle. 108 is the longest valid AF_UNIX
+                *      path for a binding. sun_path[108] doesn't as such
+                *      exist. However in kernel space we are guaranteed that
+                *      it is a valid memory location in our kernel
+                *      address buffer.
+                */
+               if (len > sizeof(*sunaddr))
+                       len = sizeof(*sunaddr);
                ((char *)sunaddr)[len]=0;
                len = strlen(sunaddr->sun_path)+1+sizeof(short);
                return len;
linux-2.6