Patchwork [3.5.y.z,extended,stable] Patch "irda: Fix missing msg_namelen update in irda_recvmsg_dgram()" has been added to staging queue

mail settings
Submitter Luis Henriques
Date May 1, 2013, 11:34 p.m.
Message ID <>
Download mbox | patch
Permalink /patch/240839/
State New
Headers show


Luis Henriques - May 1, 2013, 11:34 p.m.
This is a note to let you know that I have just added a patch titled

    irda: Fix missing msg_namelen update in irda_recvmsg_dgram()

to the linux-3.5.y-queue branch of the 3.5.y.z extended stable tree 
which can be found at:;a=shortlog;h=refs/heads/linux-3.5.y-queue

If you, or anyone else, feels it should not be added to this tree, please 
reply to this email.

For more information about the 3.5.y.z tree, see



From 5521631ff3c5bbf133065c014953786a29cbf72d Mon Sep 17 00:00:00 2001
From: Mathias Krause <>
Date: Sun, 7 Apr 2013 01:51:53 +0000
Subject: [PATCH] irda: Fix missing msg_namelen update in irda_recvmsg_dgram()

commit 5ae94c0d2f0bed41d6718be743985d61b7f5c47d upstream.

The current code does not fill the msg_name member in case it is set.
It also does not set the msg_namelen member to 0 and therefore makes
net/socket.c leak the local, uninitialized sockaddr_storage variable
to userland -- 128 bytes of kernel stack memory.

Fix that by simply setting msg_namelen to 0 as obviously nobody cared
about irda_recvmsg_dgram() not filling the msg_name in case it was

Cc: Samuel Ortiz <>
Signed-off-by: Mathias Krause <>
Signed-off-by: David S. Miller <>
Signed-off-by: Luis Henriques <>
 net/irda/af_irda.c | 2 ++
 1 file changed, 2 insertions(+)



diff --git a/net/irda/af_irda.c b/net/irda/af_irda.c
index d6c291c..bd25678 100644
--- a/net/irda/af_irda.c
+++ b/net/irda/af_irda.c
@@ -1386,6 +1386,8 @@  static int irda_recvmsg_dgram(struct kiocb *iocb, struct socket *sock,

 	IRDA_DEBUG(4, "%s()\n", __func__);

+	msg->msg_namelen = 0;
 	skb = skb_recv_datagram(sk, flags & ~MSG_DONTWAIT,
 				flags & MSG_DONTWAIT, &err);
 	if (!skb)