    llc: Fix missing msg_namelen update in llc_ui_recvmsg() · c77a4b9c
    Mathias Krause authored
    For stream sockets the code misses to update the msg_namelen member
    to 0 and therefore makes net/socket.c leak the local, uninitialized
    sockaddr_storage variable to userland -- 128 bytes of kernel stack
    memory. The msg_namelen update is also missing for datagram sockets
    in case the socket is shutting down during receive.
    Fix both issues by setting msg_namelen to 0 early. It will be
    updated later if we're going to fill the msg_name member.
    Cc: Arnaldo Carvalho de Melo <acme@ghostprotocols.net>
    Signed-off-by: Mathias Krause <minipli@googlemail.com>
    Signed-off-by: David S. Miller <davem@davemloft.net>
af_llc.c 31 KB