Take a look at net/core/sock.c line 217:

    if(optlen<sizeof(int)) return(-EINVAL);

For SO_BINDTODEVICE, optlen is the length of the device name plus one byte. For "lo\0" this is three bytes, which is less than sizeof(int). The idea of checking optlen this way is fundamentally incompatible with the idea of string length. We are comparing apples vs. oranges here.

Is this check necessary at all? For example, in NetBSD, they check uap->valsize to ensure it is smaller than mbuf.
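An added example, not part of the original message and not kernel code: a userspace C model of the length check quoted above, next to a hypothetical per-option check that validates a string-valued option against its destination buffer instead of sizeof(int). The function names and MODEL_IFNAMSIZ are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumption: 16 matches Linux IFNAMSIZ; redefined so this builds anywhere. */
#define MODEL_IFNAMSIZ 16

/* The generic test quoted in the message, applied regardless of option type. */
int generic_len_check(size_t optlen)
{
    if (optlen < sizeof(int))
        return -EINVAL;
    return 0;
}

/*
 * Hypothetical check for a string-valued option such as SO_BINDTODEVICE:
 * bound optlen by the destination buffer, copy, and guarantee NUL
 * termination. Returns 0 and fills ifname, or a negative errno.
 */
int bindtodevice_len_check(const char *optval, size_t optlen,
                           char ifname[MODEL_IFNAMSIZ])
{
    if (optval == NULL)
        return -EFAULT;
    if (optlen > MODEL_IFNAMSIZ - 1)    /* longer than any valid name */
        return -EINVAL;
    memset(ifname, 0, MODEL_IFNAMSIZ);  /* last byte is always NUL */
    memcpy(ifname, optval, optlen);     /* caller's NUL is optional */
    return 0;
}

int main(void)
{
    char name[MODEL_IFNAMSIZ];
    const char lo[] = "lo";             /* constructed input: 'l','o','\0' */

    printf("generic check, optlen=%zu: %d\n",
           sizeof(lo), generic_len_check(sizeof(lo)));
    printf("string check,  optlen=%zu: %d (name=\"%s\")\n", sizeof(lo),
           bindtodevice_len_check(lo, sizeof(lo), name), name);
    return 0;
}
```

The model treats an over-long name as an error; truncating to the buffer size is the other common policy, and either way the bound comes from the destination buffer rather than from sizeof(int).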