On Feb 4 11:03, Tanaka Akira wrote: > Hi. > > I found bind(sock, addr, addrlen) function doesn't respect addrlen. > > If addr is AF_UNIX socket address and sun_path field is not > NUL-terminated until the length specified as addrlen, > bind() refer bytes after addrlen. > This can be observed by created socket file name is longer > than expected. > > The test program attached below [...]
Thanks for the testcase! I fixed bind(2) in CVS so that it makes sure never to access memory beyond what's specified in the namelen parameter. It also tests that the filename is always NUL-terminated, so your example will result in an ENAMETOOLONG now, unless you make sure there's a NUL byte within the bounds defined by namelen, as well as within the first 108 bytes of sun_path. This is not quite the Linux behaviour which also allows non-NUL terminated filenames, but SUSv4 as well as the Linux unix(7) man page as well as the wonderful "UNIX Network Programming" book from W. Richard Stevens imply that the pathname should be NUL-terminated, so I'll stick to that. The important thing here is that bind(2) won't access undefined memory. Thanks again, Corinna -- Corinna Vinschen Please, send mails regarding Cygwin to Cygwin Maintainer cygwin AT cygwin DOT com Red Hat -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
