]> git.ipfire.org Git - thirdparty/kernel/stable-queue.git/blob - releases/3.4.77/net-rose-restore-old-recvmsg-behavior.patch
projects / thirdparty / kernel / stable-queue.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
4.9-stable patches
[thirdparty/kernel/stable-queue.git] / releases / 3.4.77 / net-rose-restore-old-recvmsg-behavior.patch
1 From foo@baz Mon Jan 13 09:28:30 PST 2014
2 From: Florian Westphal <fw@strlen.de>
3 Date: Mon, 23 Dec 2013 00:32:31 +0100
4 Subject: net: rose: restore old recvmsg behavior
5
6 From: Florian Westphal <fw@strlen.de>
7
8 [ Upstream commit f81152e35001e91997ec74a7b4e040e6ab0acccf ]
9
10 recvmsg handler in net/rose/af_rose.c performs size-check ->msg_namelen.
11
12 After commit f3d3342602f8bcbf37d7c46641cb9bca7618eb1c
13 (net: rework recvmsg handler msg_name and msg_namelen logic), we now
14 always take the else branch due to namelen being initialized to 0.
15
16 Digging in netdev-vger-cvs git repo shows that msg_namelen was
17 initialized with a fixed-size since at least 1995, so the else branch
18 was never taken.
19
20 Compile tested only.
21
22 Signed-off-by: Florian Westphal <fw@strlen.de>
23 Acked-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
24 Signed-off-by: David S. Miller <davem@davemloft.net>
25 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
26 ---
27 net/rose/af_rose.c | 16 ++++------------
28 1 file changed, 4 insertions(+), 12 deletions(-)
29
30 --- a/net/rose/af_rose.c
31 +++ b/net/rose/af_rose.c
32 @@ -1257,6 +1257,7 @@ static int rose_recvmsg(struct kiocb *io
33
34 if (msg->msg_name) {
35 struct sockaddr_rose *srose;
36 + struct full_sockaddr_rose *full_srose = msg->msg_name;
37
38 memset(msg->msg_name, 0, sizeof(struct full_sockaddr_rose));
39 srose = msg->msg_name;
40 @@ -1264,18 +1265,9 @@ static int rose_recvmsg(struct kiocb *io
41 srose->srose_addr = rose->dest_addr;
42 srose->srose_call = rose->dest_call;
43 srose->srose_ndigis = rose->dest_ndigis;
44 - if (msg->msg_namelen >= sizeof(struct full_sockaddr_rose)) {
45 - struct full_sockaddr_rose *full_srose = (struct full_sockaddr_rose *)msg->msg_name;
46 - for (n = 0 ; n < rose->dest_ndigis ; n++)
47 - full_srose->srose_digis[n] = rose->dest_digis[n];
48 - msg->msg_namelen = sizeof(struct full_sockaddr_rose);
49 - } else {
50 - if (rose->dest_ndigis >= 1) {
51 - srose->srose_ndigis = 1;
52 - srose->srose_digi = rose->dest_digis[0];
53 - }
54 - msg->msg_namelen = sizeof(struct sockaddr_rose);
55 - }
56 + for (n = 0 ; n < rose->dest_ndigis ; n++)
57 + full_srose->srose_digis[n] = rose->dest_digis[n];
58 + msg->msg_namelen = sizeof(struct full_sockaddr_rose);
59 }
60
61 skb_free_datagram(sk, skb);
Mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/stable-queue.git