Message-ID: <1431724102.6315.130.camel@decadent.org.uk>
Subject: Re: [ 26/48] net:socket: set msg_namelen to 0 if msg_name is passed as NULL in msghdr struct from userland.
From: Ben Hutchings
To: Willy Tarreau
Cc: linux-kernel@vger.kernel.org, stable@vger.kernel.org, Ani Sinha, "David S. Miller"
Date: Fri, 15 May 2015 22:08:22 +0100
In-Reply-To: <20150515080531.395264813@1wt.eu>
References: <20150515080531.395264813@1wt.eu>

On Fri, 2015-05-15 at 10:05 +0200, Willy Tarreau wrote:
> 2.6.32-longterm review patch. If anyone has any objections, please let me know.
>
> ------------------
>
> From: Ani Sinha
>
> commit 6a2a2b3ae0759843b22c929881cc184b00cc63ff upstream.
>
> Linux manpage for recvmsg and sendmsg calls does not explicitly mention setting msg_namelen to 0 when
> msg_name passed set as NULL. When developers don't set msg_namelen member in msghdr, it might contain garbage
> value which will fail the validation check and sendmsg and recvmsg calls from kernel will return EINVAL. This will
> break old binaries and any code for which there is no access to source code.
> To fix this, we set msg_namelen to 0 when msg_name is passed as NULL from userland.
[...]

I think you'll also want this related fix:

commit 91edd096e224941131f896b86838b1e59553696a
Author: Catalin Marinas
Date:   Fri Mar 20 16:48:13 2015 +0000

    net: compat: Update get_compat_msghdr() to match copy_msghdr_from_user() behaviour

Ben.

-- 
Ben Hutchings
It is impossible to make anything foolproof because fools are so ingenious.
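Added example, not part of this thread or of either commit: the userland side of the contract the quoted commit message describes, where a caller that passes msg_name as NULL also makes sure msg_namelen is 0 instead of leaving it uninitialised. The helper names msghdr_name_consistent, msghdr_init_unnamed and unnamed_roundtrip are hypothetical, and the 0xA5 fill is a constructed stand-in for stack garbage.

```c
#include <string.h>
#include <sys/socket.h>
#include <sys/uio.h>
#include <unistd.h>

/* Hypothetical helper: 0 for the case in the commit message
 * (msg_name NULL but msg_namelen non-zero), 1 otherwise. */
static int msghdr_name_consistent(const struct msghdr *m)
{
    return m->msg_name != NULL || m->msg_namelen == 0;
}

/* Hypothetical helper: build an unnamed msghdr with every field defined. */
static void msghdr_init_unnamed(struct msghdr *m, struct iovec *iov,
                                void *buf, size_t len)
{
    memset(m, 0, sizeof(*m)); /* msg_name = NULL, msg_namelen = 0, no cmsg */
    iov->iov_base = buf;
    iov->iov_len = len;
    m->msg_iov = iov;
    m->msg_iovlen = 1;
}

/* Send and receive one datagram over an AF_UNIX socketpair with msghdrs
 * that started out as garbage. Returns bytes received, or -1 on failure. */
static ssize_t unnamed_roundtrip(const char *text, char *out, size_t outlen)
{
    int sv[2];
    struct msghdr tx, rx;
    struct iovec tiov, riov;
    ssize_t n = -1;

    if (socketpair(AF_UNIX, SOCK_DGRAM, 0, sv) != 0)
        return -1;
    memset(&tx, 0xA5, sizeof(tx)); /* constructed garbage */
    memset(&rx, 0xA5, sizeof(rx));
    msghdr_init_unnamed(&tx, &tiov, (void *)text, strlen(text));
    msghdr_init_unnamed(&rx, &riov, out, outlen);
    if (msghdr_name_consistent(&tx) && msghdr_name_consistent(&rx) &&
        sendmsg(sv[0], &tx, 0) == (ssize_t)strlen(text))
        n = recvmsg(sv[1], &rx, 0);
    close(sv[0]);
    close(sv[1]);
    return n;
}

int main(void)
{
    char out[16];
    return unnamed_roundtrip("ping", out, sizeof(out)) == 4 ? 0 : 1;
}
```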