--- /dev/null
+From bcc2c9c3fff859e0eb019fe6fec26f9b8eba795c Mon Sep 17 00:00:00 2001
+From: Olaf Hering <olaf@aepfle.de>
+Date: Thu, 31 May 2012 16:40:06 +0200
+Subject: Tools: hv: verify origin of netlink connector message
+
+From: Olaf Hering <olaf@aepfle.de>
+
+commit bcc2c9c3fff859e0eb019fe6fec26f9b8eba795c upstream.
+
+The SuSE security team suggested to use recvfrom instead of recv to be
+certain that the connector message is originated from kernel.
+
+CVE-2012-2669
+
+Signed-off-by: Olaf Hering <olaf@aepfle.de>
+Signed-off-by: Marcus Meissner <meissner@suse.de>
+Signed-off-by: Sebastian Krahmer <krahmer@suse.de>
+Signed-off-by: K. Y. Srinivasan <kys@microsoft.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ tools/hv/hv_kvp_daemon.c | 10 +++++++---
+ 1 file changed, 7 insertions(+), 3 deletions(-)
+
+--- a/tools/hv/hv_kvp_daemon.c
++++ b/tools/hv/hv_kvp_daemon.c
+@@ -701,14 +701,18 @@ int main(void)
+ pfd.fd = fd;
+
+ while (1) {
++ struct sockaddr *addr_p = (struct sockaddr *) &addr;
++ socklen_t addr_l = sizeof(addr);
+ pfd.events = POLLIN;
+ pfd.revents = 0;
+ poll(&pfd, 1, -1);
+
+- len = recv(fd, kvp_recv_buffer, sizeof(kvp_recv_buffer), 0);
++ len = recvfrom(fd, kvp_recv_buffer, sizeof(kvp_recv_buffer), 0,
++ addr_p, &addr_l);
+
+- if (len < 0) {
+- syslog(LOG_ERR, "recv failed; error:%d", len);
++ if (len < 0 || addr.nl_pid) {
++ syslog(LOG_ERR, "recvfrom failed; pid:%u error:%d %s",
++ addr.nl_pid, errno, strerror(errno));
+ close(fd);
+ return -1;
+ }
projects / thirdparty / kernel / stable-queue.git / commitdiff
