> > Why not have: > > diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c > index d510353..f9f77a7 100644 > --- a/net/unix/af_unix.c > +++ b/net/unix/af_unix.c > @@ -216,6 +216,9 @@ static int unix_mkname(struct sockaddr_un > *sunaddr, int len, unsigned *hashp) > */ > ((char *)sunaddr)[len] = 0; > len = strlen(sunaddr->sun_path)+1+sizeof(short); > + /* No null terminator was found in the path. */ > + if (len > sizeof(*sunaddr)) > + return -EINVAL; > return len; That could generate a kernel page fault! (Depending on what follows (or rather doesn't follow!) sun_path.) You'd need to use memchr() not strlen(). David -- To unsubscribe from this list: send the line "unsubscribe linux-api" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
