From: Ben Hutchings <ben@decadent.org.uk>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: torvalds@linux-foundation.org, akpm@linux-foundation.org,
alan@lxorguk.ukuu.org.uk, Olaf Hering <olaf@aepfle.de>,
Marcus Meissner <meissner@suse.de>,
Sebastian Krahmer <krahmer@suse.de>,
"K. Y. Srinivasan" <kys@microsoft.com>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Subject: [ 02/48] Tools: hv: verify origin of netlink connector message
Date: Sun, 01 Jul 2012 18:20:08 +0100 [thread overview]
Message-ID: <20120701172006.992250192@decadent.org.uk> (raw)
In-Reply-To: <20120701172006.535271340@decadent.org.uk>
3.2-stable review patch. If anyone has any objections, please let me know.
------------------
From: Olaf Hering <olaf@aepfle.de>
commit bcc2c9c3fff859e0eb019fe6fec26f9b8eba795c upstream.
The SuSE security team suggested to use recvfrom instead of recv to be
certain that the connector message is originated from kernel.
CVE-2012-2669
Signed-off-by: Olaf Hering <olaf@aepfle.de>
Signed-off-by: Marcus Meissner <meissner@suse.de>
Signed-off-by: Sebastian Krahmer <krahmer@suse.de>
Signed-off-by: K. Y. Srinivasan <kys@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
---
tools/hv/hv_kvp_daemon.c | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/tools/hv/hv_kvp_daemon.c b/tools/hv/hv_kvp_daemon.c
index 146fd61..d9834b3 100644
--- a/tools/hv/hv_kvp_daemon.c
+++ b/tools/hv/hv_kvp_daemon.c
@@ -701,14 +701,18 @@ int main(void)
pfd.fd = fd;
while (1) {
+ struct sockaddr *addr_p = (struct sockaddr *) &addr;
+ socklen_t addr_l = sizeof(addr);
pfd.events = POLLIN;
pfd.revents = 0;
poll(&pfd, 1, -1);
- len = recv(fd, kvp_recv_buffer, sizeof(kvp_recv_buffer), 0);
+ len = recvfrom(fd, kvp_recv_buffer, sizeof(kvp_recv_buffer), 0,
+ addr_p, &addr_l);
- if (len < 0) {
- syslog(LOG_ERR, "recv failed; error:%d", len);
+ if (len < 0 || addr.nl_pid) {
+ syslog(LOG_ERR, "recvfrom failed; pid:%u error:%d %s",
+ addr.nl_pid, errno, strerror(errno));
close(fd);
return -1;
}
next prev parent reply other threads:[~2012-07-01 18:27 UTC|newest]
Thread overview: 77+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-07-01 17:20 [ 00/48] 3.2.22-stable review Ben Hutchings
2012-07-01 17:20 ` [ 01/48] staging:iio:ad7606: Re-add missing scale attribute Ben Hutchings
2012-07-01 17:20 ` Ben Hutchings [this message]
2012-07-01 17:20 ` [ 03/48] edac: avoid mce decoding crash after edac driver unloaded Ben Hutchings
2012-07-01 17:20 ` [ 04/48] hwrng: atmel-rng - fix data valid check Ben Hutchings
2012-07-01 17:20 ` [ 05/48] staging: r8712u: Add new USB IDs Ben Hutchings
2012-07-01 17:20 ` [ 06/48] hwmon: (applesmc) Limit key length in warning messages Ben Hutchings
2012-07-01 17:20 ` [ 07/48] mm: fix slab->page _count corruption when using slub Ben Hutchings
2012-07-02 23:46 ` Herton Ronaldo Krzesinski
2012-07-02 23:56 ` Herton Ronaldo Krzesinski
2012-07-03 1:17 ` Herton Ronaldo Krzesinski
2012-07-03 20:19 ` Pravin Shelar
2012-07-04 4:36 ` Ben Hutchings
2012-07-01 17:20 ` [ 08/48] mm: pmd_read_atomic: fix 32bit PAE pmd walk vs pmd_populate SMP race condition Ben Hutchings
2012-07-01 17:20 ` [ 09/48] thp: avoid atomic64_read in pmd_read_atomic for 32bit PAE Ben Hutchings
2012-07-01 17:20 ` [ 10/48] nilfs2: ensure proper cache clearing for gc-inodes Ben Hutchings
2012-07-01 17:20 ` [ 11/48] mm: correctly synchronize rss-counters at exit/exec Ben Hutchings
2012-07-01 19:02 ` Hugh Dickins
2012-07-02 2:01 ` Ben Hutchings
2012-07-02 16:46 ` Oleg Nesterov
2012-07-04 4:31 ` Ben Hutchings
2012-07-01 17:20 ` [ 12/48] drm/i915: Finish any pending operations on the framebuffer before disabling Ben Hutchings
2012-07-01 17:20 ` [ 13/48] drm/i915: Remove use of the autoreported ringbuffer HEAD position Ben Hutchings
2012-07-01 17:20 ` [ 14/48] e1000e: Disable ASPM L1 on 82574 Ben Hutchings
2012-07-01 17:20 ` [ 15/48] e1000e: Remove special case for 82573/82574 ASPM L1 disablement Ben Hutchings
2012-07-01 22:59 ` Jonathan Nieder
2012-07-02 7:21 ` Chris Boot
2012-07-01 17:20 ` [ 16/48] drm/i915: Do the fallback non-IRQ wait in ring throttle, too Ben Hutchings
2012-07-01 17:20 ` [ 17/48] staging:rts_pstor:Fix possible panic by NULL pointer dereference Ben Hutchings
2012-07-01 17:20 ` [ 18/48] [media] gspca-core: Fix buffers staying in queued state after a stream_off Ben Hutchings
2012-07-01 17:20 ` [ 19/48] [media] smsusb: add autodetection support for USB ID 2040:f5a0 Ben Hutchings
2012-07-01 17:20 ` [ 20/48] drm/edid: dont return stack garbage from supports_rb Ben Hutchings
2012-07-01 17:20 ` [ 21/48] drm/nouveau/fbcon: using nv_two_heads is not a good idea Ben Hutchings
2012-07-01 17:20 ` [ 22/48] dm thin: reinstate missing mempool_free in cell_release_singleton Ben Hutchings
2012-07-01 17:20 ` [ 23/48] ath9k: Fix a WARNING on suspend/resume with IBSS Ben Hutchings
2012-07-01 17:20 ` [ 24/48] cfg80211: fix potential deadlock in regulatory Ben Hutchings
2012-07-01 17:20 ` [ 25/48] ath9k: Fix softlockup in AR9485 Ben Hutchings
2012-07-01 17:20 ` [ 26/48] can: c_can: precedence error in c_can_chip_config() Ben Hutchings
2012-07-01 17:20 ` [ 27/48] ath9k: fix a tx rate duration calculation bug Ben Hutchings
2012-07-01 17:20 ` [ 28/48] batman-adv: fix skb->data assignment Ben Hutchings
2012-07-01 17:20 ` [ 29/48] ARM: SAMSUNG: Should check for IS_ERR(clk) instead of NULL Ben Hutchings
2012-07-01 17:20 ` [ 30/48] ath9k_hw: avoid possible infinite loop in ar9003_get_pll_sqsum_dvc Ben Hutchings
2012-07-01 17:20 ` [ 31/48] iwlwifi: remove log_event debugfs file debugging is disabled Ben Hutchings
2012-07-01 17:20 ` [ 32/48] ARM: SAMSUNG: Fix for S3C2412 EBI memory mapping Ben Hutchings
2012-07-01 17:20 ` [ 33/48] USB: option: add id for Cellient MEN-200 Ben Hutchings
2012-07-01 17:20 ` [ 34/48] oprofile: perf: use NR_CPUS instead or nr_cpumask_bits for static array Ben Hutchings
2012-07-01 17:20 ` [ 35/48] drm/i915: Refactor the deferred PM_IIR handling into a single function Ben Hutchings
2012-07-01 17:20 ` [ 36/48] drm/i915: rip out the PM_IIR WARN Ben Hutchings
2012-07-01 17:20 ` [ 37/48] drm/i915: Fix eDP blank screen after S3 resume on HP desktops Ben Hutchings
2012-07-01 17:20 ` [ 38/48] SCSI & usb-storage: add try_rc_10_first flag Ben Hutchings
2012-07-02 7:10 ` Hans de Goede
2012-07-02 18:52 ` Linus Torvalds
2012-07-02 20:39 ` James Bottomley
2012-07-02 22:23 ` Linus Torvalds
2012-07-03 0:41 ` Matthew Wilcox
2012-07-03 6:18 ` James Bottomley
2012-07-03 15:49 ` Alan Stern
2012-07-03 17:32 ` Matthew Wilcox
2012-07-03 19:50 ` Alan Stern
2012-07-03 20:07 ` James Bottomley
2012-07-03 20:25 ` Alan Stern
2012-07-03 20:35 ` Matthew Wilcox
2012-07-05 21:40 ` Alan Stern
2012-07-06 3:05 ` Matthew Wilcox
2012-07-06 14:00 ` Alan Stern
2012-07-04 4:39 ` Ben Hutchings
2012-07-01 17:20 ` [ 39/48] PM / Sleep: Prevent waiting forever on asynchronous suspend after abort Ben Hutchings
2012-07-01 17:20 ` [ 40/48] x86, cpufeature: Rename X86_FEATURE_DTS to X86_FEATURE_DTHERM Ben Hutchings
2012-07-01 17:20 ` [ 41/48] stable: Allow merging of backports for serious user-visible performance issues Ben Hutchings
2012-07-01 17:20 ` [ 42/48] ALSA: hda - Add Realtek ALC280 codec support Ben Hutchings
2012-07-01 17:20 ` [ 43/48] USB: option: Add USB ID for Novatel Ovation MC551 Ben Hutchings
2012-07-01 17:20 ` [ 44/48] USB: CP210x Add 10 Device IDs Ben Hutchings
2012-07-01 17:20 ` [ 45/48] xen/netfront: teardown the device before unregistering it Ben Hutchings
2012-07-01 17:20 ` [ 46/48] can: flexcan: use be32_to_cpup to handle the value of dt entry Ben Hutchings
2012-07-01 17:20 ` [ 47/48] acpi_pad: fix power_saving thread deadlock Ben Hutchings
2012-07-01 17:20 ` [ 48/48] batman-adv: only drop packets of known wifi clients Ben Hutchings
2012-07-01 19:11 ` [ 00/48] 3.2.22-stable review Ben Hutchings
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20120701172006.992250192@decadent.org.uk \
--to=ben@decadent.org.uk \
--cc=akpm@linux-foundation.org \
--cc=alan@lxorguk.ukuu.org.uk \
--cc=gregkh@linuxfoundation.org \
--cc=krahmer@suse.de \
--cc=kys@microsoft.com \
--cc=linux-kernel@vger.kernel.org \
--cc=meissner@suse.de \
--cc=olaf@aepfle.de \
--cc=stable@vger.kernel.org \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox