inet: prevent leakage of uninitialized memory to user in recv syscalls (bceaa902) · Commits · Mirrors / git.kernel.org / pub_scm_linux_kernel_git_stable_linux · GitLab

Commit bceaa902 authored Nov 18, 2013 by

Hannes Frederic Sowa Committed by David S. Miller Nov 18, 2013

inet: prevent leakage of uninitialized memory to user in recv syscalls



Only update *addr_len when we actually fill in sockaddr, otherwise we
can return uninitialized memory from the stack to the caller in the
recvfrom, recvmmsg and recvmsg syscalls. Drop the the (addr_len == NULL)
checks because we only get called with a valid addr_len pointer either
from sock_common_recvmsg or inet_recvmsg.

If a blocking read waits on a socket which is concurrently shut down we
now return zero and set msg_msgnamelen to 0.

Reported-by: mpb <mpb.mail@gmail.com>
Suggested-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

parent bcd081a3

Hide whitespace changes

Inline Side-by-side

mirror @mirror
mentioned in commit 0e96f139
· Jul 22, 2019

mentioned in commit 0e96f139

mentioned in commit 0e96f139f6f86a3d5cb6b5b1a912866e24131f48

Toggle commit list
mirror @mirror
mentioned in commit d4bb3646
· Jul 22, 2019

mentioned in commit d4bb3646

mentioned in commit d4bb36468873e5cd3805113f5a84fd7b356d5826

Toggle commit list

Please register or to comment