1 files changed, 8 insertions, 3 deletions

diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
index 6a7fe7660551..c77ced0109b7 100644
--- a/net/unix/af_unix.c
+++ b/net/unix/af_unix.c
@@ -343,7 +343,7 @@ found:
  * are still connected to it and there's no way to inform "a polling
  * implementation" that it should let go of a certain wait queue
  *
- * In order to propagate a wake up, a wait_queue_t of the client
+ * In order to propagate a wake up, a wait_queue_entry_t of the client
  * socket is enqueued on the peer_wait queue of the server socket
  * whose wake function does a wake_up on the ordinary client socket
  * wait queue. This connection is established whenever a write (or
@@ -352,7 +352,7 @@ found:
  * was relayed.
  */
 
-static int unix_dgram_peer_wake_relay(wait_queue_t *q, unsigned mode, int flags,
+static int unix_dgram_peer_wake_relay(wait_queue_entry_t *q, unsigned mode, int flags,
                                       void *key)
 {
         struct unix_sock *u;
@@ -999,7 +999,8 @@ static int unix_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len)
         struct path path = { };
 
         err = -EINVAL;
-        if (sunaddr->sun_family != AF_UNIX)
+        if (addr_len < offsetofend(struct sockaddr_un, sun_family) ||
+            sunaddr->sun_family != AF_UNIX)
                 goto out;
 
         if (addr_len == sizeof(short)) {
@@ -1110,6 +1111,10 @@ static int unix_dgram_connect(struct socket *sock, struct sockaddr *addr,
         unsigned int hash;
         int err;
 
+        err = -EINVAL;
+        if (alen < offsetofend(struct sockaddr, sa_family))
+                goto out;
+
         if (addr->sa_family != AF_UNSPEC) {
                 err = unix_mkname(sunaddr, alen, &hash);
                 if (err < 0)