aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMathias Krause <minipli@googlemail.com>2013-04-07 14:05:39 +0200
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>2013-04-25 12:51:23 -0700
commit2822050e7d8bb82bced08b21c711ff79a4636f3e (patch)
tree9caf7f956cfe519495053b0aa24d29f0c5df7c13
parent401716d9514ff77c86d93805f3a45f5e6fdd8f10 (diff)
downloadlinux-linaro-stable-2822050e7d8bb82bced08b21c711ff79a4636f3e.tar.gz
crypto: algif - suppress sending source address information in recvmsg
commit 72a763d805a48ac8c0bf48fdb510e84c12de51fe upstream. The current code does not set the msg_namelen member to 0 and therefore makes net/socket.c leak the local sockaddr_storage variable to userland -- 128 bytes of kernel stack memory. Fix that. Signed-off-by: Mathias Krause <minipli@googlemail.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-rw-r--r--crypto/algif_hash.c2
-rw-r--r--crypto/algif_skcipher.c1
2 files changed, 3 insertions, 0 deletions
diff --git a/crypto/algif_hash.c b/crypto/algif_hash.c
index ef5356cd280a..0262210cad38 100644
--- a/crypto/algif_hash.c
+++ b/crypto/algif_hash.c
@@ -161,6 +161,8 @@ static int hash_recvmsg(struct kiocb *unused, struct socket *sock,
else if (len < ds)
msg->msg_flags |= MSG_TRUNC;
+ msg->msg_namelen = 0;
+
lock_sock(sk);
if (ctx->more) {
ctx->more = 0;
diff --git a/crypto/algif_skcipher.c b/crypto/algif_skcipher.c
index 6a6dfc062d2a..a1c4f0a55583 100644
--- a/crypto/algif_skcipher.c
+++ b/crypto/algif_skcipher.c
@@ -432,6 +432,7 @@ static int skcipher_recvmsg(struct kiocb *unused, struct socket *sock,
long copied = 0;
lock_sock(sk);
+ msg->msg_namelen = 0;
for (iov = msg->msg_iov, iovlen = msg->msg_iovlen; iovlen > 0;
iovlen--, iov++) {
unsigned long seglen = iov->iov_len;