Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.9 / 3592aaeb80290bda0f2cf0b5456c97bfc638b192
commit3592aaeb80290bda0f2cf0b5456c97bfc638b192[log] [tgz]
authorMathias Krause <minipli@googlemail.com>Wed Aug 15 11:31:53 2012 +0000
committerDavid S. Miller <davem@davemloft.net>Wed Aug 15 21:36:31 2012 -0700
tree01a4eb39de130787cdf321fe1c39896e47d1a1eb
parent04d4fbca1017c11381e7d82acea21dd741e748bc [diff]
llc: fix info leak via getsockname()

The LLC code wrongly returns 0, i.e. "success", when the socket is
zapped. Together with the uninitialized uaddrlen pointer argument from
sys_getsockname this leads to an arbitrary memory leak of up to 128
bytes kernel stack via the getsockname() syscall.

Return an error instead when the socket is zapped to prevent the info
leak. Also remove the unnecessary memset(0). We don't directly write to
the memory pointed by uaddr but memcpy() a local structure at the end of
the function that is properly initialized.

Signed-off-by: Mathias Krause <minipli@googlemail.com>
Cc: Arnaldo Carvalho de Melo <acme@ghostprotocols.net>
Signed-off-by: David S. Miller <davem@davemloft.net>
1 file changed
tree: 01a4eb39de130787cdf321fe1c39896e47d1a1eb
  1. arch/
  2. block/
  3. crypto/
  4. Documentation/
  5. drivers/
  6. firmware/
  7. fs/
  8. include/
  9. init/
  10. ipc/
  11. kernel/
  12. lib/
  13. mm/
  14. net/
  15. samples/
  16. scripts/
  17. security/
  18. sound/
  19. tools/
  20. usr/
  21. virt/
  22. .gitignore
  23. .mailmap
  24. COPYING
  25. CREDITS
  26. Kbuild
  27. Kconfig
  28. MAINTAINERS
  29. Makefile
  30. README
  31. REPORTING-BUGS