Commit 72a763d

minipli authored and herbertx committed
crypto: algif - suppress sending source address information in recvmsg
The current code does not set the msg_namelen member to 0 and therefore makes net/socket.c leak the local sockaddr_storage variable to userland -- 128 bytes of kernel stack memory. Fix that.

Cc: <stable@vger.kernel.org> # 2.6.38
Signed-off-by: Mathias Krause <minipli@googlemail.com>
Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
1 parent d47cbd5 commit 72a763d

2 files changed

+3
-0
lines changed

Diff for: crypto/algif_hash.c

+2
@@ -161,6 +161,8 @@ static int hash_recvmsg(struct kiocb *unused, struct socket *sock,
161161
else if (len < ds)
162162
msg->msg_flags |= MSG_TRUNC;
163163

164+
msg->msg_namelen = 0;
165+
164166
lock_sock(sk);
165167
if (ctx->more) {
166168
ctx->more = 0;
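
Review bot: the new `msg->msg_namelen = 0;` after the `MSG_TRUNC` branch sits before `lock_sock(sk)`, while the same assignment in skcipher_recvmsg() in this commit sits after it. Nothing in the visible lines suggests the assignment needs the socket lock, so pick one placement for both handlers to keep them easy to audit side by side. A one-line comment saying that this socket type reports no source address, and that net/socket.c would otherwise copy its uninitialised sockaddr_storage to userland, would keep a later cleanup from dropping the line as a no-op.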

Diff for: crypto/algif_skcipher.c

+1
@@ -432,6 +432,7 @@ static int skcipher_recvmsg(struct kiocb *unused, struct socket *sock,
432432
long copied = 0;
433433

434434
lock_sock(sk);
435+
msg->msg_namelen = 0;
435436
for (iov = msg->msg_iov, iovlen = msg->msg_iovlen; iovlen > 0;
436437
iovlen--, iov++) {
437438
unsigned long seglen = iov->iov_len;
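
Review bot: clearing `msg->msg_namelen` per handler, here between `lock_sock(sk)` and the iovec loop, leaves the leak described in the commit message open for any other recvmsg implementation that forgets the same line. Consider also initialising the length in net/socket.c before the protocol handler is called, so that a handler that never fills in a name cannot expose the stack buffer. The per-handler assignment is still reasonable as the minimal change for the stable backport.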
