>
> Why not have:
>
> diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
> index d510353..f9f77a7 100644
> --- a/net/unix/af_unix.c
> +++ b/net/unix/af_unix.c
> @@ -216,6 +216,9 @@ static int unix_mkname(struct sockaddr_un
> *sunaddr, int len, unsigned *hashp)
> */
> ((char *)sunaddr)[len] = 0;
> len = strlen(sunaddr->sun_path)+1+sizeof(short);
> + /* No null terminator was found in the path. */
> + if (len > sizeof(*sunaddr))
> + return -EINVAL;
> return len;
That could generate a kernel page fault!
(Depending on what follows (or rather doesn't follow!) sun_path.)
You'd need to use memchr() not strlen().
David
--
To unsubscribe from this list: send the line "unsubscribe linux-api" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
