From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Message-Id: <20130507035854.492831548@goodmis.org> Date: Mon, 06 May 2013 23:58:33 -0400 From: Steven Rostedt To: linux-kernel@vger.kernel.org, stable@vger.kernel.org Cc: Mathias Krause , Herbert Xu Subject: [081/126] crypto: algif - suppress sending source address information in recvmsg References: <20130507035712.909872333@goodmis.org> Content-Disposition: inline; filename=0081-crypto-algif-suppress-sending-source-address-informa.patch Sender: linux-kernel-owner@vger.kernel.org List-ID: 3.6.11.3 stable review patch. If anyone has any objections, please let me know. ------------------ From: Mathias Krause [ Upstream commit 72a763d805a48ac8c0bf48fdb510e84c12de51fe ] The current code does not set the msg_namelen member to 0 and therefore makes net/socket.c leak the local sockaddr_storage variable to userland -- 128 bytes of kernel stack memory. Fix that. Cc: # 2.6.38 Signed-off-by: Mathias Krause Signed-off-by: Herbert Xu Signed-off-by: Steven Rostedt --- crypto/algif_hash.c | 2 ++ crypto/algif_skcipher.c | 1 + 2 files changed, 3 insertions(+) diff --git a/crypto/algif_hash.c b/crypto/algif_hash.c index ef5356c..0262210 100644 --- a/crypto/algif_hash.c +++ b/crypto/algif_hash.c @@ -161,6 +161,8 @@ static int hash_recvmsg(struct kiocb *unused, struct socket *sock, else if (len < ds) msg->msg_flags |= MSG_TRUNC; + msg->msg_namelen = 0; + lock_sock(sk); if (ctx->more) { ctx->more = 0; diff --git a/crypto/algif_skcipher.c b/crypto/algif_skcipher.c index 6a6dfc0..a1c4f0a 100644 --- a/crypto/algif_skcipher.c +++ b/crypto/algif_skcipher.c @@ -432,6 +432,7 @@ static int skcipher_recvmsg(struct kiocb *unused, struct socket *sock, long copied = 0; lock_sock(sk); + msg->msg_namelen = 0; for (iov = msg->msg_iov, iovlen = msg->msg_iovlen; iovlen > 0; iovlen--, iov++) { unsigned long seglen = iov->iov_len; -- 1.7.10.4