diff options
author | Mathias Krause <minipli@googlemail.com> | 2013-04-07 14:05:39 +0200 |
---|---|---|
committer | Herbert Xu <herbert@gondor.apana.org.au> | 2013-04-10 14:26:06 +0800 |
commit | 2bf76653f596c437ba26c20218c748d5bacb7f06 (patch) | |
tree | 75d794d75b3906d78018102e1ac906de70f4c473 | |
parent | 118c7331a7a213c609208938b559f06b7962fb78 (diff) | |
download | linux-crypto-2bf76653f596c437ba26c20218c748d5bacb7f06.tar.gz linux-crypto-2bf76653f596c437ba26c20218c748d5bacb7f06.zip |
crypto: algif - suppress sending source address information in recvmsg
The current code does not set the msg_namelen member to 0 and therefore
makes net/socket.c leak the local sockaddr_storage variable to userland
-- 128 bytes of kernel stack memory. Fix that.
Cc: <stable@vger.kernel.org> # 2.6.38
Signed-off-by: Mathias Krause <minipli@googlemail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Diffstat (limited to '')
-rw-r--r-- | crypto/algif_hash.c | 2 | ||||
-rw-r--r-- | crypto/algif_skcipher.c | 1 |
2 files changed, 3 insertions, 0 deletions
diff --git a/crypto/algif_hash.c b/crypto/algif_hash.c index ef5356cd..0262210c 100644 --- a/crypto/algif_hash.c +++ b/crypto/algif_hash.c @@ -161,6 +161,8 @@ static int hash_recvmsg(struct kiocb *unused, struct socket *sock, else if (len < ds) msg->msg_flags |= MSG_TRUNC; + msg->msg_namelen = 0; + lock_sock(sk); if (ctx->more) { ctx->more = 0; diff --git a/crypto/algif_skcipher.c b/crypto/algif_skcipher.c index 6a6dfc06..a1c4f0a5 100644 --- a/crypto/algif_skcipher.c +++ b/crypto/algif_skcipher.c @@ -432,6 +432,7 @@ static int skcipher_recvmsg(struct kiocb *unused, struct socket *sock, long copied = 0; lock_sock(sk); + msg->msg_namelen = 0; for (iov = msg->msg_iov, iovlen = msg->msg_iovlen; iovlen > 0; iovlen--, iov++) { unsigned long seglen = iov->iov_len; |