diff options
author | Andrei Vagin <avagin@google.com> | 2019-12-12 11:07:25 -0800 |
---|---|---|
committer | gVisor bot <gvisor-bot@google.com> | 2019-12-12 11:08:56 -0800 |
commit | 378d6c1f3697b8b939e6632e980562bfc8fb2781 (patch) | |
tree | 36047dc720fcc6f5b79c2cc230510a8779e00ca3 /pkg/sentry/socket/netstack | |
parent | b9aa62b9f907e8de5244ac7cdb518960faafa307 (diff) |
unix: allow to bind unix sockets only to AF_UNIX addresses
Reported-by: syzbot+2c0bcfd87fb4e8b7b009@syzkaller.appspotmail.com
PiperOrigin-RevId: 285228312
Diffstat (limited to 'pkg/sentry/socket/netstack')
-rw-r--r-- | pkg/sentry/socket/netstack/netstack.go | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/pkg/sentry/socket/netstack/netstack.go b/pkg/sentry/socket/netstack/netstack.go index 8a6522eac..140851c17 100644 --- a/pkg/sentry/socket/netstack/netstack.go +++ b/pkg/sentry/socket/netstack/netstack.go @@ -326,7 +326,7 @@ func AddressAndFamily(sfamily int, addr []byte, strict bool) (tcpip.FullAddress, } family := usermem.ByteOrder.Uint16(addr) - if family != uint16(sfamily) && (!strict && family != linux.AF_UNSPEC) { + if family != uint16(sfamily) && (strict || family != linux.AF_UNSPEC) { return tcpip.FullAddress{}, family, syserr.ErrAddressFamilyNotSupported } |