netdev
[Top] [All Lists]

Re: Off-by-one bug at unix_mkname ?

To: "YOSHIFUJI Hideaki / ?$B5HF#1QL@" <yoshfuji@xxxxxxxxxxxxxx>
Subject: Re: Off-by-one bug at unix_mkname ?
From: Chris Wedgwood <cw@xxxxxxxx>
Date: Mon, 28 Mar 2005 00:49:53 -0800
Cc: davem@xxxxxxxxxxxxx, linux-kernel@xxxxxxxxxxxxxxx, netdev@xxxxxxxxxxx, from-linux-kernel@xxxxxxxxxxxxxxxxxxx
In-reply-to: <20050328.173938.26746686.yoshfuji@linux-ipv6.org>
References: <200503281700.HHE91205.FtVLOStGOSPMYJFMN@I-love.sakura.ne.jp> <20050328.172108.30349253.yoshfuji@linux-ipv6.org> <20050328.173938.26746686.yoshfuji@linux-ipv6.org>
Sender: netdev-bounce@xxxxxxxxxxx
On Mon, Mar 28, 2005 at 05:39:38PM +0900, YOSHIFUJI Hideaki / ?$B5HF#1QL@ wrote:

> +             /*
> +              *      This may look like an off by one error but it is
> +              *      a bit more subtle. 108 is the longest valid AF_UNIX
> +              *      path for a binding. sun_path[108] doesnt as such
> +              *      exist. However in kernel space we are guaranteed that
> +              *      it is a valid memory location in our kernel
> +              *      address buffer.

icky pointless white space?

> +              */
> +             if (len > sizeof(*sunaddr))

what?

<Prev in Thread] Current Thread [Next in Thread>