From: Mateusz Jurczyk <mjurc...@google.com> Date: Thu, 8 Jun 2017 11:13:36 +0200
> Verify that the caller-provided sockaddr structure is large enough to
> contain the sa_family field, before accessing it in bind() and connect()
> handlers of the AF_UNIX socket. Since neither syscall enforces a minimum
> size of the corresponding memory region, very short sockaddrs (zero or
> one byte long) result in operating on uninitialized memory while
> referencing .sa_family.
>
> Signed-off-by: Mateusz Jurczyk <mjurc...@google.com>

The sockaddr comes from a structure on the caller's kernel stack; even if the user gives a smaller length, it is legal to access that memory.
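As an added example (not code from the thread, the patch, or the kernel), the following userspace C program models the two behaviours under discussion: the unpatched handler, which copies only addr_len bytes of the caller's sockaddr into a kernel stack buffer and then reads .sa_family from it, and the patched handler, which first checks that addr_len covers .sa_family. copy_from_user is stood in for by memcpy, the stale stack contents by a deliberately poisoned buffer, and the sample address is a constructed abstract-namespace AF_UNIX name; main() additionally calls the real bind() with the same prefix lengths so the running kernel's answer can be compared with the model.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>

/* Smallest addr_len that fully covers .sa_family: its offset plus its size. */
#define SA_FAMILY_END \
    (offsetof(struct sockaddr, sa_family) + sizeof(((struct sockaddr *)0)->sa_family))

/* Constructed sample address: an abstract-namespace AF_UNIX name (Linux). */
static const struct sockaddr_un *sample_unix_addr(void)
{
    static struct sockaddr_un a;
    memset(&a, 0, sizeof a);
    a.sun_family = AF_UNIX;
    strcpy(a.sun_path + 1, "added-example-sock");  /* leading NUL = abstract */
    return &a;
}

/* Model of the unpatched handler. Only addr_len bytes of the user's sockaddr
 * reach the stack buffer; .sa_family is read regardless, so any part of it
 * the copy did not cover is stale stack content, which 'poison' stands in
 * for here. Returns the family value the handler would act on. */
static int family_unchecked(const void *uaddr, size_t addr_len, int poison)
{
    struct sockaddr_storage kaddr;
    memset(&kaddr, poison, sizeof kaddr);  /* pretend stale stack bytes */
    memcpy(&kaddr, uaddr, addr_len);       /* stand-in for copy_from_user */
    return ((struct sockaddr *)&kaddr)->sa_family;
}

/* Model of the patched handler: refuse any addr_len too short to hold
 * .sa_family before touching the field. Returns the family or -EINVAL. */
static int family_checked(const void *uaddr, size_t addr_len, int poison)
{
    if (addr_len < SA_FAMILY_END)
        return -EINVAL;
    return family_unchecked(uaddr, addr_len, poison);
}

/* Probe the running kernel with the same prefix lengths and print what
 * bind() says next to the model's verdict (fresh socket per attempt). */
int main(void)
{
    const struct sockaddr_un *a = sample_unix_addr();
    size_t lens[] = { 0, 1, SA_FAMILY_END, sizeof *a };

    for (size_t i = 0; i < sizeof lens / sizeof lens[0]; i++) {
        int fd = socket(AF_UNIX, SOCK_STREAM, 0);
        if (fd < 0) { perror("socket"); return 1; }
        int rc = bind(fd, (const struct sockaddr *)a, (socklen_t)lens[i]);
        printf("bind(addr_len=%zu): %s; model says %d\n", lens[i],
               rc == 0 ? "ok" : strerror(errno),
               family_checked(a, lens[i], 0xff));
        close(fd);
    }
    return 0;
}
```

With a zero- or one-byte addr_len the unchecked model returns a family value built partly or wholly from the poison bytes rather than AF_UNIX, which is the "operating on uninitialized memory" the commit message refers to; the checked model returns -EINVAL for those lengths and AF_UNIX once addr_len reaches SA_FAMILY_END.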