[PATCH] Fix 32bit sendmsg() flaw
author Al Viro <viro@zeniv.linux.org.uk>
Thu, 8 Sep 2005 01:28:51 +0000 (18:28 -0700)
committer Linus Torvalds <torvalds@g5.osdl.org>
Thu, 8 Sep 2005 15:14:11 +0000 (08:14 -0700)
commit 9b8ff999affd959803a4275c2160f86d1d5f3b38
tree 7a0195643c37c63335224358256fab8cd445a671
parent 7d2a033bdc272a4cceba4a20edb7a625f9c72354

When we copy 32bit ->msg_control contents to kernel, we walk the same
userland data twice without sanity checks on the second pass.

Second version of this patch: the original broke with 64-bit arches
running 32-bit-compat-mode executables doing sendmsg() syscalls with
unaligned CMSG data areas.

Another thing is that we use kmalloc() to allocate and sock_kfree_s()
to free afterwards; less serious, but also needs fixing.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David Woodhouse <dwmw2@infradead.org>
Signed-off-by: Chris Wright <chrisw@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
include/net/compat.h
net/compat.c
net/socket.c
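
The double walk described in the commit message, as an added example that is not part of the commit or the kernel source: a simplified user-space C model in which pass 1 sizes a kernel buffer and pass 2 fetches every record length again and validates it again before copying. The record layout, the `UHDR`/`KHDR` sizes and all function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Model assumptions (hypothetical, not the kernel's structures): a user
 * record is a 4-byte total length followed by payload; the kernel copy
 * of each record carries a wider 8-byte header. */
#define UHDR 4u
#define KHDR 8u

/* Fetch and validate one record length from the "userland" buffer. */
static int fetch_len(const uint8_t *user, size_t ulen, size_t off, uint32_t *len)
{
    if (ulen - off < UHDR)
        return -1;
    memcpy(len, user + off, UHDR);
    return (*len < UHDR || *len > ulen - off) ? -1 : 0;
}

/* Pass 1: walk the records and return the kernel bytes needed, or -1. */
long pass1_measure(const uint8_t *user, size_t ulen)
{
    size_t off = 0, need = 0;
    uint32_t len;
    while (off < ulen) {
        if (fetch_len(user, ulen, off, &len))
            return -1;
        need += KHDR + (len - UHDR);
        off += len;
    }
    return (long)need;
}

/* Pass 2: walk again and copy into the buffer pass 1 sized (klen). The
 * lengths are fetched again and may have changed, so each one is checked
 * again, including against the space left in kbuf. */
long pass2_copy(const uint8_t *user, size_t ulen, uint8_t *kbuf, size_t klen)
{
    size_t off = 0, out = 0;
    uint32_t len;
    while (off < ulen) {
        if (fetch_len(user, ulen, off, &len))
            return -1;
        size_t krec = KHDR + (len - UHDR);
        if (krec > klen - out)
            return -1;              /* record set grew since pass 1 */
        uint64_t khdr = krec;
        memcpy(kbuf + out, &khdr, KHDR);
        memcpy(kbuf + out + KHDR, user + off + UHDR, len - UHDR);
        out += krec;
        off += len;
    }
    return (long)out;
}
```

In this model, a length rewritten between the passes turns one record into several, each needing its own wider kernel header, so the space check in pass 2 is what keeps the copy inside the buffer.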