author | Andrei Vagin <avagin@google.com> | 2019-12-12 11:07:25 -0800 |
---|---|---|
committer | gVisor bot <gvisor-bot@google.com> | 2019-12-12 11:08:56 -0800 |
commit | 378d6c1f3697b8b939e6632e980562bfc8fb2781 (patch) | |
tree | 36047dc720fcc6f5b79c2cc230510a8779e00ca3 /pkg/sentry/socket | |
parent | b9aa62b9f907e8de5244ac7cdb518960faafa307 (diff) |
unix: allow to bind unix sockets only to AF_UNIX addresses
Reported-by: syzbot+2c0bcfd87fb4e8b7b009@syzkaller.appspotmail.com
PiperOrigin-RevId: 285228312
Diffstat (limited to 'pkg/sentry/socket')
-rw-r--r-- | pkg/sentry/socket/netstack/netstack.go | 2 | ||||
-rw-r--r-- | pkg/sentry/socket/unix/unix.go | 3 |
2 files changed, 4 insertions, 1 deletions
diff --git a/pkg/sentry/socket/netstack/netstack.go b/pkg/sentry/socket/netstack/netstack.go
index 8a6522eac..140851c17 100644
--- a/pkg/sentry/socket/netstack/netstack.go
+++ b/pkg/sentry/socket/netstack/netstack.go
@@ -326,7 +326,7 @@ func AddressAndFamily(sfamily int, addr []byte, strict bool) (tcpip.FullAddress,
 }
 family := usermem.ByteOrder.Uint16(addr)
- if family != uint16(sfamily) && (!strict && family != linux.AF_UNSPEC) {
+ if family != uint16(sfamily) && (strict || family != linux.AF_UNSPEC) {
 return tcpip.FullAddress{}, family, syserr.ErrAddressFamilyNotSupported
 }
diff --git a/pkg/sentry/socket/unix/unix.go b/pkg/sentry/socket/unix/unix.go
index 1aaae8487..885758054 100644
--- a/pkg/sentry/socket/unix/unix.go
+++ b/pkg/sentry/socket/unix/unix.go
@@ -118,6 +118,9 @@ func (s *SocketOperations) Endpoint() transport.Endpoint {
 func extractPath(sockaddr []byte) (string, *syserr.Error) {
 addr, _, err := netstack.AddressAndFamily(linux.AF_UNIX, sockaddr, true /* strict */)
 if err != nil {
+ if err == syserr.ErrAddressFamilyNotSupported {
+ err = syserr.ErrInvalidArgument
+ }
 return "", err
 }
|
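Review bot: The rewritten family check in AddressAndFamily folds two acceptance policies into one boolean expression with no comment, and the removed line shows how easily it goes wrong: with `!strict && ...` a strict caller could never get a mismatched family rejected here. I would add a comment above the `if`, for example `// strict: family must equal sfamily; non-strict: AF_UNSPEC is accepted as well.` The diffstat is limited to pkg/sentry/socket, so I cannot see whether a regression test came with the change; a table test over strict and non-strict with a matching, an AF_UNSPEC and a foreign family would pin the intended behaviour. The function body starts and continues outside the hunk.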
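Review bot: The remap of `syserr.ErrAddressFamilyNotSupported` to `syserr.ErrInvalidArgument` in extractPath has no comment explaining why the errno is changed, so a later cleanup could remove it as redundant. I would add above the inner `if` something like `// Linux reports EINVAL, not EAFNOSUPPORT, when a unix socket is given a non-AF_UNIX address.` The remap applies to every caller of extractPath, while the commit title mentions only bind; presumably the connect and send paths also go through it, so it is worth confirming that EINVAL is the expected errno there too. extractPath continues past the end of the hunk.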