@@ -231,7 +231,7 @@ static int unix_mkname(struct sockaddr_un *sunaddr, int len, unsigned int *hashp
{
*hashp = 0;
- if (len <= sizeof(short) || len > sizeof(*sunaddr))
+ if (len <= offsetof(struct sockaddr_un, sun_path) || len > sizeof(*sunaddr))
return -EINVAL;
if (!sunaddr || sunaddr->sun_family != AF_UNIX)
return -EINVAL;
@@ -244,7 +244,7 @@ static int unix_mkname(struct sockaddr_un *sunaddr, int len, unsigned int *hashp
* kernel address buffer.
*/
((char *)sunaddr)[len] = 0;
- len = strlen(sunaddr->sun_path)+1+sizeof(short);
+ len = strlen(sunaddr->sun_path) + offsetof(struct sockaddr_un, sun_path) + 1;
return len;
}
@@ -966,7 +966,7 @@ static int unix_autobind(struct socket *sock)
goto out;
err = -ENOMEM;
- addr = kzalloc(sizeof(*addr) + sizeof(short) + 16, GFP_KERNEL);
+ addr = kzalloc(sizeof(*addr) + offsetof(struct sockaddr_un, sun_path) + 16, GFP_KERNEL);
if (!addr)
goto out;
@@ -974,7 +974,8 @@ static int unix_autobind(struct socket *sock)
refcount_set(&addr->refcnt, 1);
retry:
- addr->len = sprintf(addr->name->sun_path+1, "%05x", ordernum) + 1 + sizeof(short);
+ addr->len = sprintf(addr->name->sun_path + 1, "%05x", ordernum) +
+ offsetof(struct sockaddr_un, sun_path) + 1;
addr->hash = unix_hash_fold(csum_partial(addr->name, addr->len, 0));
addr->hash ^= sk->sk_type;
@@ -1156,7 +1157,7 @@ static int unix_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len)
sunaddr->sun_family != AF_UNIX)
return -EINVAL;
- if (addr_len == sizeof(short))
+ if (addr_len == offsetof(struct sockaddr_un, sun_path))
return unix_autobind(sock);
err = unix_mkname(sunaddr, addr_len, &hash);
@@ -1600,7 +1601,7 @@ static int unix_getname(struct socket *sock, struct sockaddr *uaddr, int peer)
if (!addr) {
sunaddr->sun_family = AF_UNIX;
sunaddr->sun_path[0] = 0;
- err = sizeof(short);
+ err = offsetof(struct sockaddr_un, sun_path);
} else {
err = addr->len;
memcpy(sunaddr, addr->name, addr->len);
@@ -3231,7 +3232,7 @@ static int unix_seq_show(struct seq_file *seq, void *v)
seq_putc(seq, ' ');
i = 0;
- len = u->addr->len - sizeof(short);
+ len = u->addr->len - offsetof(struct sockaddr_un, sun_path);
if (!UNIX_ABSTRACT(s))
len--;
else {
@@ -19,7 +19,8 @@ static int sk_diag_dump_name(struct sock *sk, struct sk_buff *nlskb)
if (!addr)
return 0;
- return nla_put(nlskb, UNIX_DIAG_NAME, addr->len - sizeof(short),
+ return nla_put(nlskb, UNIX_DIAG_NAME,
+ addr->len - offsetof(struct sockaddr_un, sun_path),
addr->name->sun_path);
}
The length of the AF_UNIX socket address contains an offset to the member sun_path of struct sockaddr_un. Currently, the preceding member is just sun_family, and its type is sa_family_t and resolved to short. Therefore, the offset is represented by sizeof(short). However, it is not clear and fragile to changes in struct sockaddr_storage or sockaddr_un. This commit makes it clear and robust by rewriting sizeof() with offsetof(). Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.co.jp> --- net/unix/af_unix.c | 15 ++++++++------- net/unix/diag.c | 3 ++- 2 files changed, 10 insertions(+), 8 deletions(-)