inet: prevent leakage of uninitialized memory to user in recv syscalls (bceaa902) · Commits · Martyn Welch / linux

Commit bceaa902 authored 11 years ago by Hannes Frederic Sowa Committed by David S. Miller 11 years ago

inet: prevent leakage of uninitialized memory to user in recv syscalls


Only update *addr_len when we actually fill in sockaddr, otherwise we
can return uninitialized memory from the stack to the caller in the
recvfrom, recvmmsg and recvmsg syscalls. Drop the the (addr_len == NULL)
checks because we only get called with a valid addr_len pointer either
from sock_common_recvmsg or inet_recvmsg.

If a blocking read waits on a socket which is concurrently shut down we
now return zero and set msg_msgnamelen to 0.

Reported-by: mpb <mpb.mail@gmail.com>
Suggested-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

parent bcd081a3

No related branches found

No related tags found

No related merge requests found

Hide whitespace changes

Inline Side-by-side

Showing with 17 additions and 38 deletions

Please register or to comment