On Mon, Oct 07, 2002 at 12:48:00AM -0700, David S. Miller wrote:
> From: Balazs Scheidler <bazsi@balabit.hu>
> Date: Mon, 7 Oct 2002 09:35:32 +0200
>
> The returned socklen is 2, but the sockaddr.family is not touched. A fix is
> below:
>
> Since msg->msg_namelen is zero, msg->msg_name should not be
> interpreted in any way at all.
You would be right, if it would be zero, but it isn't:
373 res = recvfrom(closure->fd, buffer, length, 0, (struct sockaddr *) addr, (socklen_t *) addrlen);
(gdb) n
375 if (*addrlen == 2) {
(gdb) p *addrlen
$2 = 2
Checking out the code again:
static void unix_copy_addr(struct msghdr *msg, struct sock *sk)
{
msg->msg_namelen = sizeof(short);
if (sk->protinfo.af_unix.addr) {
msg->msg_namelen=sk->protinfo.af_unix.addr->len;
memcpy(msg->msg_name,
sk->protinfo.af_unix.addr->name,
sk->protinfo.af_unix.addr->len);
}
}
namelen is explicitly set to sizeof(short) == 2.
This is 2.4.18
-- Bazsi PGP info: KeyID 9AF8D0A9 Fingerprint CD27 CFB0 802C 0944 9CFD 804E C82C 8EB1 - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Mon Oct 07 2002 - 22:00:57 EST