Please sign in to comment.
inet: prevent leakage of uninitialized memory to user in recv syscalls
Only update *addr_len when we actually fill in sockaddr, otherwise we can return uninitialized memory from the stack to the caller in the recvfrom, recvmmsg and recvmsg syscalls. Drop the the (addr_len == NULL) checks because we only get called with a valid addr_len pointer either from sock_common_recvmsg or inet_recvmsg. If a blocking read waits on a socket which is concurrently shut down we now return zero and set msg_msgnamelen to 0. Reported-by: mpb <firstname.lastname@example.org> Suggested-by: Eric Dumazet <email@example.com> Signed-off-by: Hannes Frederic Sowa <firstname.lastname@example.org> Signed-off-by: David S. Miller <email@example.com>
- Loading branch information...
Showing with 17 additions and 38 deletions.