Re: [PATCH v8 1/4] Landlock: Add abstract unix socket connect restriction
From: Jann Horn <jannh@google.com>
Date: 2024-08-06 19:37:32
Also in:
linux-security-module, lkml
On Fri, Aug 2, 2024 at 6:03 AM Tahera Fahimi [off-list ref] wrote:
This patch introduces a new "scoped" attribute to the landlock_ruleset_attr that can specify "LANDLOCK_SCOPED_ABSTRACT_UNIX_SOCKET" to scope abstract Unix sockets from connecting to a process outside of the same landlock domain. It implements two hooks, unix_stream_connect and unix_may_send, to enforce this restriction.
[...]
+static bool check_unix_address_format(struct sock *const sock)
+{
+ struct unix_address *addr = unix_sk(sock)->addr;
+
+ if (!addr)
+ return true;
+
+ if (addr->len > sizeof(AF_UNIX)) {
+ /* handling unspec sockets */
+ if (!addr->name[0].sun_path)
+ return true;
addr->name[0] is a "struct sockaddr_un", whose member "sun_path" is an array member, not a pointer. If "addr" is a valid pointer, "addr->name[0].sun_path" can't be NULL.
+ if (addr->name[0].sun_path[0] == '\0') + if (!sock_is_scoped(sock)) + return false; + } + + return true; +}
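Review bot: the `addr->len > sizeof(AF_UNIX)` comparison in check_unix_address_format uses the size of an integer literal, not of the address family field: AF_UNIX expands to the constant 1, so sizeof(AF_UNIX) is sizeof(int), which is 4 on the usual targets, while the family occupies sizeof(sa_family_t) bytes, which is 2. As written, an address with a len of 3 or 4 never reaches the `sun_path[0] == '\0'` test and is reported as allowed, so the intended bound is presumably `sizeof(sa_family_t)` (equivalently `offsetof(struct sockaddr_un, sun_path)`), which also documents that the branch is meant to run whenever at least one byte of sun_path is part of the stored address. A second, smaller point: the name check_unix_address_format does not say what the function decides. It returns false only for an abstract socket that is not scoped and true for unnamed and filesystem-path sockets, so a name that states the verdict, or a one-line comment above the function giving that rule, would make the two hook call sites easier to read.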