| From: Mathias Krause <minipli@googlemail.com> |
| Date: Sun, 7 Apr 2013 14:05:39 +0200 |
| Subject: crypto: algif - suppress sending source address information in |
| recvmsg |
| |
| commit 72a763d805a48ac8c0bf48fdb510e84c12de51fe upstream. |
| |
| The current code does not set the msg_namelen member to 0 and therefore |
| makes net/socket.c leak the local sockaddr_storage variable to userland |
| -- 128 bytes of kernel stack memory. Fix that. |
| |
| Signed-off-by: Mathias Krause <minipli@googlemail.com> |
| Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> |
| Signed-off-by: Ben Hutchings <ben@decadent.org.uk> |
| --- |
| crypto/algif_hash.c | 2 ++ |
| crypto/algif_skcipher.c | 1 + |
| 2 files changed, 3 insertions(+) |
| |
| --- a/crypto/algif_hash.c |
| +++ b/crypto/algif_hash.c |
| @@ -161,6 +161,8 @@ static int hash_recvmsg(struct kiocb *un |
| else if (len < ds) |
| msg->msg_flags |= MSG_TRUNC; |
| |
| + msg->msg_namelen = 0; |
| + |
| lock_sock(sk); |
| if (ctx->more) { |
| ctx->more = 0; |
| --- a/crypto/algif_skcipher.c |
| +++ b/crypto/algif_skcipher.c |
| @@ -432,6 +432,7 @@ static int skcipher_recvmsg(struct kiocb |
| long copied = 0; |
| |
| lock_sock(sk); |
| + msg->msg_namelen = 0; |
| for (iov = msg->msg_iov, iovlen = msg->msg_iovlen; iovlen > 0; |
| iovlen--, iov++) { |
| unsigned long seglen = iov->iov_len; |