Google Git
Sign in
linux / linux / kernel / git / viro / vfs / bceaa90240b6019ed73b49965eac7d167610be69
commitbceaa90240b6019ed73b49965eac7d167610be69[log] [tgz]
authorHannes Frederic Sowa <hannes@stressinduktion.org>Mon Nov 18 04:20:45 2013 +0100
committerDavid S. Miller <davem@davemloft.net>Mon Nov 18 15:12:03 2013 -0500
treef68c10948efff147a7b987369f1e720ad76f411b
parentbcd081a3aef1f7f3786067ae8dd26aaa1cf85153 [diff]
inet: prevent leakage of uninitialized memory to user in recv syscalls

Only update *addr_len when we actually fill in sockaddr, otherwise we
can return uninitialized memory from the stack to the caller in the
recvfrom, recvmmsg and recvmsg syscalls. Drop the the (addr_len == NULL)
checks because we only get called with a valid addr_len pointer either
from sock_common_recvmsg or inet_recvmsg.

If a blocking read waits on a socket which is concurrently shut down we
now return zero and set msg_msgnamelen to 0.

Reported-by: mpb <mpb.mail@gmail.com>
Suggested-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
8 files changed
tree: f68c10948efff147a7b987369f1e720ad76f411b
  1. arch/
  2. block/
  3. crypto/
  4. Documentation/
  5. drivers/
  6. firmware/
  7. fs/
  8. include/
  9. init/
  10. ipc/
  11. kernel/
  12. lib/
  13. mm/
  14. net/
  15. samples/
  16. scripts/
  17. security/
  18. sound/
  19. tools/
  20. usr/
  21. virt/
  22. .gitignore
  23. .mailmap
  24. COPYING
  25. CREDITS
  26. Kbuild
  27. Kconfig
  28. MAINTAINERS
  29. Makefile
  30. README
  31. REPORTING-BUGS