On 31.08.2021 22:47, Peter Maydell wrote:
On Tue, 31 Aug 2021 at 19:34, Michael Tokarev <m...@tls.msk.ru> wrote:
..
- assert(salen >= sizeof(su->sun_family) + 1 &&
- salen <= sizeof(struct sockaddr_un));
+ /* there's a corner case when trailing \0 does not fit into
+ * sockaddr_un. Compare length with sizeof(sockaddr_storage),
+ * not with sizeof(sockaddr_un), since this is what we actually
+ * provide, to ensure we had no truncation and a room for
+ * the trailing \0 which we add below.
+ * When salen == sizeof(sun_family) it is unnamed socket,
+ * and when first byte of sun_path is \0, it is abstract. */
+ assert(salen >= sizeof(su->sun_family) &&
+ salen <= sizeof(struct sockaddr_storage));
Again, why are we asserting an upper bound? We don't care here:
the representation in the SocketAddress structure has no length
limit on the path. (Conversely, we do care about the max length
when we convert from a SocketAddress to a sockaddr_un: we do this
in eg unix_connect_saddr().)
We have sizeof(sockaddr_storage) space there. If the kernel returned
salen greather than that, this means we received only partial address
and can't rely on it. It is like snprintf() returning more bytes than
available in the buffer - it says how much bytes NEEDED.
/mjt
