| Message ID | 1367451245-19656-1-git-send-email-luis.henriques@canonical.com |
|---|---|
| State | New |
| Headers | show |
diff --git a/net/iucv/af_iucv.c b/net/iucv/af_iucv.c index cd6f7a9..625bc50 100644 --- a/net/iucv/af_iucv.c +++ b/net/iucv/af_iucv.c @@ -1331,6 +1331,8 @@ static int iucv_sock_recvmsg(struct kiocb *iocb, struct socket *sock, struct sk_buff *skb, *rskb, *cskb; int err = 0; + msg->msg_namelen = 0; + if ((sk->sk_state == IUCV_DISCONN) && skb_queue_empty(&iucv->backlog_skb_q) && skb_queue_empty(&sk->sk_receive_queue) &&
This is a note to let you know that I have just added a patch titled iucv: Fix missing msg_namelen update in iucv_sock_recvmsg() to the linux-3.5.y-queue branch of the 3.5.y.z extended stable tree which can be found at: http://kernel.ubuntu.com/git?p=ubuntu/linux.git;a=shortlog;h=refs/heads/linux-3.5.y-queue If you, or anyone else, feels it should not be added to this tree, please reply to this email. For more information about the 3.5.y.z tree, see https://wiki.ubuntu.com/Kernel/Dev/ExtendedStable Thanks. -Luis ------ From 88c038e619d8d78c2d3669829498f897c96cfeff Mon Sep 17 00:00:00 2001 From: Mathias Krause <minipli@googlemail.com> Date: Sun, 7 Apr 2013 01:51:54 +0000 Subject: [PATCH] iucv: Fix missing msg_namelen update in iucv_sock_recvmsg() commit a5598bd9c087dc0efc250a5221e5d0e6f584ee88 upstream. The current code does not fill the msg_name member in case it is set. It also does not set the msg_namelen member to 0 and therefore makes net/socket.c leak the local, uninitialized sockaddr_storage variable to userland -- 128 bytes of kernel stack memory. Fix that by simply setting msg_namelen to 0 as obviously nobody cared about iucv_sock_recvmsg() not filling the msg_name in case it was set. Cc: Ursula Braun <ursula.braun@de.ibm.com> Signed-off-by: Mathias Krause <minipli@googlemail.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Luis Henriques <luis.henriques@canonical.com> --- net/iucv/af_iucv.c | 2 ++ 1 file changed, 2 insertions(+) -- 1.8.1.2