unix: allow to bind unix sockets only to AF_UNIX addresses

Reported-by: syzbot+2c0bcfd87fb4e8b7b009@syzkaller.appspotmail.com PiperOrigin-RevId: 285228312
author: Andrei Vagin <avagin@google.com> 2019-12-12 11:07:25 -0800
committer: gVisor bot <gvisor-bot@google.com> 2019-12-12 11:08:56 -0800
commit: 378d6c1f3697b8b939e6632e980562bfc8fb2781 (patch)
tree: 36047dc720fcc6f5b79c2cc230510a8779e00ca3 /pkg
parent: b9aa62b9f907e8de5244ac7cdb518960faafa307 (diff)
2 files changed, 4 insertions, 1 deletions
diff --git a/pkg/sentry/socket/netstack/netstack.go b/pkg/sentry/socket/netstack/netstack.go
index 8a6522eac..140851c17 100644
--- a/pkg/sentry/socket/netstack/netstack.go
+++ b/pkg/sentry/socket/netstack/netstack.go
@@ -326,7 +326,7 @@ func AddressAndFamily(sfamily int, addr []byte, strict bool) (tcpip.FullAddress,
 	}
 
 	family := usermem.ByteOrder.Uint16(addr)
-	if family != uint16(sfamily) && (!strict && family != linux.AF_UNSPEC) {
+	if family != uint16(sfamily) && (strict || family != linux.AF_UNSPEC) {
 		return tcpip.FullAddress{}, family, syserr.ErrAddressFamilyNotSupported
 	}
 
diff --git a/pkg/sentry/socket/unix/unix.go b/pkg/sentry/socket/unix/unix.go
index 1aaae8487..885758054 100644
--- a/pkg/sentry/socket/unix/unix.go
+++ b/pkg/sentry/socket/unix/unix.go
@@ -118,6 +118,9 @@ func (s *SocketOperations) Endpoint() transport.Endpoint {
 func extractPath(sockaddr []byte) (string, *syserr.Error) {
 	addr, _, err := netstack.AddressAndFamily(linux.AF_UNIX, sockaddr, true /* strict */)
 	if err != nil {
+		if err == syserr.ErrAddressFamilyNotSupported {
+			err = syserr.ErrInvalidArgument
+		}
 		return "", err
 	}
author	Andrei Vagin <avagin@google.com>	2019-12-12 11:07:25 -0800
committer	gVisor bot <gvisor-bot@google.com>	2019-12-12 11:08:56 -0800
commit	378d6c1f3697b8b939e6632e980562bfc8fb2781 (patch)
tree	36047dc720fcc6f5b79c2cc230510a8779e00ca3 /pkg
parent	b9aa62b9f907e8de5244ac7cdb518960faafa307 (diff)