--- /dev/null
+From 72a763d805a48ac8c0bf48fdb510e84c12de51fe Mon Sep 17 00:00:00 2001
+From: Mathias Krause <minipli@googlemail.com>
+Date: Sun, 7 Apr 2013 14:05:39 +0200
+Subject: crypto: algif - suppress sending source address information in recvmsg
+
+From: Mathias Krause <minipli@googlemail.com>
+
+commit 72a763d805a48ac8c0bf48fdb510e84c12de51fe upstream.
+
+The current code does not set the msg_namelen member to 0 and therefore
+makes net/socket.c leak the local sockaddr_storage variable to userland
+-- 128 bytes of kernel stack memory. Fix that.
+
+Signed-off-by: Mathias Krause <minipli@googlemail.com>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ crypto/algif_hash.c | 2 ++
+ crypto/algif_skcipher.c | 1 +
+ 2 files changed, 3 insertions(+)
+
+--- a/crypto/algif_hash.c
++++ b/crypto/algif_hash.c
+@@ -161,6 +161,8 @@ static int hash_recvmsg(struct kiocb *un
+ else if (len < ds)
+ msg->msg_flags |= MSG_TRUNC;
+
++ msg->msg_namelen = 0;
++
+ lock_sock(sk);
+ if (ctx->more) {
+ ctx->more = 0;
+--- a/crypto/algif_skcipher.c
++++ b/crypto/algif_skcipher.c
+@@ -432,6 +432,7 @@ static int skcipher_recvmsg(struct kiocb
+ long copied = 0;
+
+ lock_sock(sk);
++ msg->msg_namelen = 0;
+ for (iov = msg->msg_iov, iovlen = msg->msg_iovlen; iovlen > 0;
+ iovlen--, iov++) {
+ unsigned long seglen = iov->iov_len;
projects / thirdparty / kernel / stable-queue.git / commitdiff
