[kernel] r20087 - dists/wheezy-security/linux/debian/patches/bugfix/all

Dann Frazier dannf at alioth.debian.org
Wed May 15 01:15:01 UTC 2013 

Author: dannf
Date: Wed May 15 01:15:01 2013
New Revision: 20087

Log:
.. and add the patch file to go with the series change

Added:
   dists/wheezy-security/linux/debian/patches/bugfix/all/crypto-algif-suppress-sending-source-address-informa.patch

Added: dists/wheezy-security/linux/debian/patches/bugfix/all/crypto-algif-suppress-sending-source-address-informa.patch
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ dists/wheezy-security/linux/debian/patches/bugfix/all/crypto-algif-suppress-sending-source-address-informa.patch	Wed May 15 01:15:01 2013	(r20087)
@@ -0,0 +1,48 @@
+From 419f4ba0f032c8d906153d24e017f4bee6df26f5 Mon Sep 17 00:00:00 2001
+From: Mathias Krause <minipli at googlemail.com>
+Date: Sun, 7 Apr 2013 14:05:39 +0200
+Subject: [PATCH] crypto: algif - suppress sending source address information
+ in recvmsg
+
+commit 72a763d805a48ac8c0bf48fdb510e84c12de51fe upstream.
+
+The current code does not set the msg_namelen member to 0 and therefore
+makes net/socket.c leak the local sockaddr_storage variable to userland
+-- 128 bytes of kernel stack memory. Fix that.
+
+Signed-off-by: Mathias Krause <minipli at googlemail.com>
+Signed-off-by: Herbert Xu <herbert at gondor.apana.org.au>
+Signed-off-by: Ben Hutchings <ben at decadent.org.uk>
+---
+ crypto/algif_hash.c     |    2 ++
+ crypto/algif_skcipher.c |    1 +
+ 2 files changed, 3 insertions(+)
+
+diff --git a/crypto/algif_hash.c b/crypto/algif_hash.c
+index ef5356c..0262210 100644
+--- a/crypto/algif_hash.c
++++ b/crypto/algif_hash.c
+@@ -161,6 +161,8 @@ static int hash_recvmsg(struct kiocb *unused, struct socket *sock,
+ 	else if (len < ds)
+ 		msg->msg_flags |= MSG_TRUNC;
+ 
++	msg->msg_namelen = 0;
++
+ 	lock_sock(sk);
+ 	if (ctx->more) {
+ 		ctx->more = 0;
+diff --git a/crypto/algif_skcipher.c b/crypto/algif_skcipher.c
+index 6a6dfc0..a1c4f0a 100644
+--- a/crypto/algif_skcipher.c
++++ b/crypto/algif_skcipher.c
+@@ -432,6 +432,7 @@ static int skcipher_recvmsg(struct kiocb *unused, struct socket *sock,
+ 	long copied = 0;
+ 
+ 	lock_sock(sk);
++	msg->msg_namelen = 0;
+ 	for (iov = msg->msg_iov, iovlen = msg->msg_iovlen; iovlen > 0;
+ 	     iovlen--, iov++) {
+ 		unsigned long seglen = iov->iov_len;
+-- 
+1.7.10.4
+

More information about the Kernel-svn-changes mailing list