Fix crash in socket_bindtodevice: NULL device is permissible

libnetutil/netutil.cc

@@ -1120,7 +1120,9 @@ int netutil_raw_socket(const char *device) {
     netutil_perror("setsockopt(SO_BROADCAST) failed");
   }
   sethdrinclude(rawsd);
-  socket_bindtodevice(rawsd, device);
+  if (device) {
+    socket_bindtodevice(rawsd, device);
+  }
 
   return rawsd;
 #endif

nbase/nbase_misc.c

@@ -266,20 +266,22 @@ int block_socket(int sd) {
 int socket_bindtodevice(int sd, const char *device) {
 #ifdef SO_BINDTODEVICE
   char padded[sizeof(int)];
-  size_t len;
+  size_t len = 0;
 
-  len = strlen(device) + 1;
+  if (device) {
-  /* In Linux 2.6.20 and earlier, there is a bug in SO_BINDTODEVICE that causes
+    len = strlen(device) + 1;
-     EINVAL to be returned if the optlen < sizeof(int); this happens for example
+    /* In Linux 2.6.20 and earlier, there is a bug in SO_BINDTODEVICE that causes
-     with the interface names "" and "lo". Pad the string with null characters
+       EINVAL to be returned if the optlen < sizeof(int); this happens for example
-     so it is above this limit if necessary.
+       with the interface names "" and "lo". Pad the string with null characters
-     http://article.gmane.org/gmane.linux.network/71887
+       so it is above this limit if necessary.
-     http://article.gmane.org/gmane.linux.network/72216 */
+        http://article.gmane.org/gmane.linux.network/71887
-  if (len < sizeof(padded)) {
+        http://article.gmane.org/gmane.linux.network/72216 */
-    /* We rely on strncpy padding with nulls here. */
+    if (len < sizeof(padded)) {
-    strncpy(padded, device, sizeof(padded));
+      /* We rely on strncpy padding with nulls here. */
-    device = padded;
+      strncpy(padded, device, sizeof(padded));
-    len = sizeof(padded);
+      device = padded;
+      len = sizeof(padded);
+    }
   }
 
   /* Linux-specific sockopt asking to use a specific interface. See socket(7). */