From: Guillaume Nault <g.na...@alphalink.fr> Date: Fri, 27 Apr 2018 17:39:06 +0200
> Thanks for the suggestion. But ->sa_family has never been checked. > Therefore, it has always been possible to connect a PPPoE or L2TP > socket with an invalid .sa_family field. I'd be surprised if there were > implementations relying on that, but we never know (for example, an > implementation could send this field uninitialised). By being stricter > we'd break such programs. And we don't need this field in the > connection process, so not checking its value doesn't harm. > > I'm all for being strict and validating user-provided data as much as > possible, but I'm afraid its too late in this case. Agreed, adding the check is too risky.
