Home Explore Help
Register Sign In
phyus
/
linux-vybrid_public
8
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

crypto: algif - suppress sending source address information in recvmsg

The current code does not set the msg_namelen member to 0 and therefore
makes net/socket.c leak the local sockaddr_storage variable to userland
-- 128 bytes of kernel stack memory. Fix that.

Cc: <stable@vger.kernel.org> # 2.6.38
Signed-off-by: Mathias Krause <minipli@googlemail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
Mathias Krause 12 years ago
parent
d47cbd5bce
commit
72a763d805
2 changed files with 3 additions and 0 deletions
Split View Show Diff Stats
  1. 2 0
      crypto/algif_hash.c
  2. 1 0
      crypto/algif_skcipher.c

+ 2 - 0
crypto/algif_hash.c
View File 

@@ -161,6 +161,8 @@ static int hash_recvmsg(struct kiocb *unused, struct socket *sock,
 
 	else if (len < ds)
 
 		msg->msg_flags |= MSG_TRUNC;
 
 
+	msg->msg_namelen = 0;
 
+
 
 	lock_sock(sk);
 
 	if (ctx->more) {
 
 		ctx->more = 0;

+ 1 - 0
crypto/algif_skcipher.c
View File 

@@ -432,6 +432,7 @@ static int skcipher_recvmsg(struct kiocb *unused, struct socket *sock,
 
 	long copied = 0;
 
 
 	lock_sock(sk);
 
+	msg->msg_namelen = 0;
 
 	for (iov = msg->msg_iov, iovlen = msg->msg_iovlen; iovlen > 0;
 
 	     iovlen--, iov++) {
 
 		unsigned long seglen = iov->iov_len;