On Fri, 2015-05-15 at 10:05 +0200, Willy Tarreau wrote: > 2.6.32-longterm review patch. If anyone has any objections, please let me > know. > > ------------------ > > From: Ani Sinha <[email protected]> > > commit 6a2a2b3ae0759843b22c929881cc184b00cc63ff upstream. > > Linux manpage for recvmsg and sendmsg calls does not explicitly mention > setting msg_namelen to 0 when > msg_name passed set as NULL. When developers don't set msg_namelen member in > msghdr, it might contain garbage > value which will fail the validation check and sendmsg and recvmsg calls from > kernel will return EINVAL. This will > break old binaries and any code for which there is no access to source code. > To fix this, we set msg_namelen to 0 when msg_name is passed as NULL from > userland. [...]
I think you'll also want this related fix: commit 91edd096e224941131f896b86838b1e59553696a Author: Catalin Marinas <[email protected]> Date: Fri Mar 20 16:48:13 2015 +0000 net: compat: Update get_compat_msghdr() to match copy_msghdr_from_user() behaviour Ben. -- Ben Hutchings It is impossible to make anything foolproof because fools are so ingenious.
signature.asc
Description: This is a digitally signed message part
