| Message ID | 1367451248-19701-1-git-send-email-luis.henriques@canonical.com |
|---|---|
| State | New |
| Headers | show |
diff --git a/net/llc/af_llc.c b/net/llc/af_llc.c index a13c3e2..445882cb 100644 --- a/net/llc/af_llc.c +++ b/net/llc/af_llc.c @@ -720,6 +720,8 @@ static int llc_ui_recvmsg(struct kiocb *iocb, struct socket *sock, int target; /* Read at least this many bytes */ long timeo; + msg->msg_namelen = 0; + lock_sock(sk); copied = -ENOTCONN; if (unlikely(sk->sk_type == SOCK_STREAM && sk->sk_state == TCP_LISTEN))
This is a note to let you know that I have just added a patch titled llc: Fix missing msg_namelen update in llc_ui_recvmsg() to the linux-3.5.y-queue branch of the 3.5.y.z extended stable tree which can be found at: http://kernel.ubuntu.com/git?p=ubuntu/linux.git;a=shortlog;h=refs/heads/linux-3.5.y-queue If you, or anyone else, feels it should not be added to this tree, please reply to this email. For more information about the 3.5.y.z tree, see https://wiki.ubuntu.com/Kernel/Dev/ExtendedStable Thanks. -Luis ------ From 43db3463d77387c239e0ac5646c3eaee79d34b0e Mon Sep 17 00:00:00 2001 From: Mathias Krause <minipli@googlemail.com> Date: Sun, 7 Apr 2013 01:51:56 +0000 Subject: [PATCH] llc: Fix missing msg_namelen update in llc_ui_recvmsg() commit c77a4b9cffb6215a15196ec499490d116dfad181 upstream. For stream sockets the code misses to update the msg_namelen member to 0 and therefore makes net/socket.c leak the local, uninitialized sockaddr_storage variable to userland -- 128 bytes of kernel stack memory. The msg_namelen update is also missing for datagram sockets in case the socket is shutting down during receive. Fix both issues by setting msg_namelen to 0 early. It will be updated later if we're going to fill the msg_name member. Cc: Arnaldo Carvalho de Melo <acme@ghostprotocols.net> Signed-off-by: Mathias Krause <minipli@googlemail.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Luis Henriques <luis.henriques@canonical.com> --- net/llc/af_llc.c | 2 ++ 1 file changed, 2 insertions(+) -- 1.8.1.2