Subject: Re: cleaning up the rest of dtom()
To: Jason Thorpe <thorpej@nas.nasa.gov>
From: enami tsugutomo <enami@ba2.so-net.or.jp>
List: tech-kern
Date: 06/25/1997 21:08:20
Jason Thorpe <thorpej@nas.nasa.gov> writes:

> Ok... I took a look at this problem ...This should also deal with the
> COMPAT_OLDSOCK case where the sockaddr can legitimately be larger than
> an mbuf...
> 
> What do you think of the patch?

Does this patch intend to remove the limit on the length of a unix domain
socket address, rather than limiting it to sizeof (sockaddr_un) or MLEN?

Hmm..., then, I think:

* unp_connect() also has a similar check for the address if it just fits
in an mbuf.  This can also be simplified like unp_bind().

* unp_setsockaddr() and unp_setpeeraddr() use bcopy() to copy
unp->unp_addr to an mbuf.  It may overrun.

* sbappendaddr(), called via unp_output(), limits asa->sa_len (which is
sun_len) to MLEN.

How about?

enami.
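
The overrun concern raised for unp_setsockaddr() and unp_setpeeraddr(), sketched as an added example that is not part of the original message and is not NetBSD code. It is a userland model: `model_mbuf`, `model_addr`, `MODEL_MLEN` and both functions are hypothetical stand-ins, and the copy is refused when the stored address length exceeds the single-buffer data area.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MODEL_MLEN 108              /* assumed stand-in for the kernel's MLEN */

struct model_mbuf {                 /* hypothetical: only the fields needed here */
    size_t m_len;
    unsigned char m_dat[MODEL_MLEN];
};

struct model_addr {                 /* hypothetical variable-length address */
    unsigned char sa_len;           /* total length, plays the role of sun_len */
    unsigned char sa_family;
    char sa_path[254];
};

/* Copy a stored address into one buffer. An unchecked copy of sa_len bytes
 * would write past m_dat whenever sa_len > MODEL_MLEN. */
int model_setaddr(struct model_mbuf *m, const struct model_addr *addr)
{
    if (addr->sa_len < offsetof(struct model_addr, sa_path))
        return EINVAL;              /* shorter than the fixed header */
    if (addr->sa_len > sizeof(m->m_dat))
        return EMSGSIZE;            /* would overrun the data area */
    memcpy(m->m_dat, addr, addr->sa_len);
    m->m_len = addr->sa_len;
    return 0;
}

/* Build a constructed address whose path is pathlen (<= 253) bytes long. */
struct model_addr model_make(size_t pathlen)
{
    struct model_addr a;
    memset(&a, 0, sizeof(a));
    memset(a.sa_path, 'x', pathlen);
    a.sa_family = 1;                /* constructed value */
    a.sa_len = (unsigned char)(offsetof(struct model_addr, sa_path) + pathlen);
    return a;
}

int main(void)
{
    struct model_mbuf m;
    struct model_addr ok = model_make(20), big = model_make(200);
    printf("short: %d\n", model_setaddr(&m, &ok));
    printf("long:  %d\n", model_setaddr(&m, &big));
    return 0;
}
```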