From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Mon, 22 Apr 2013 16:32:05 +0000 (-0700)
Subject: 3.8-stable patches
X-Git-Tag: v3.8.9~16
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=ccec99eb0c00ad75d04fd16e2c22569fbc37ea5b;p=thirdparty%2Fkernel%2Fstable-queue.git

3.8-stable patches

added patches:
	crypto-algif-suppress-sending-source-address-information.patch
---

diff --git a/queue-3.8/crypto-algif-suppress-sending-source-address-information.patch b/queue-3.8/crypto-algif-suppress-sending-source-address-information.patch
new file mode 100644
index 00000000000..8f25ea9a814
--- /dev/null
+++ b/queue-3.8/crypto-algif-suppress-sending-source-address-information.patch
@@ -0,0 +1,43 @@
+From 72a763d805a48ac8c0bf48fdb510e84c12de51fe Mon Sep 17 00:00:00 2001
+From: Mathias Krause <minipli@googlemail.com>
+Date: Sun, 7 Apr 2013 14:05:39 +0200
+Subject: crypto: algif - suppress sending source address information in recvmsg
+
+From: Mathias Krause <minipli@googlemail.com>
+
+commit 72a763d805a48ac8c0bf48fdb510e84c12de51fe upstream.
+
+The current code does not set the msg_namelen member to 0 and therefore
+makes net/socket.c leak the local sockaddr_storage variable to userland
+-- 128 bytes of kernel stack memory. Fix that.
+
+Signed-off-by: Mathias Krause <minipli@googlemail.com>
+Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ crypto/algif_hash.c     |    2 ++
+ crypto/algif_skcipher.c |    1 +
+ 2 files changed, 3 insertions(+)
+
+--- a/crypto/algif_hash.c
++++ b/crypto/algif_hash.c
+@@ -161,6 +161,8 @@ static int hash_recvmsg(struct kiocb *un
+ 	else if (len < ds)
+ 		msg->msg_flags |= MSG_TRUNC;
+ 
++	msg->msg_namelen = 0;
++
+ 	lock_sock(sk);
+ 	if (ctx->more) {
+ 		ctx->more = 0;
+--- a/crypto/algif_skcipher.c
++++ b/crypto/algif_skcipher.c
+@@ -432,6 +432,7 @@ static int skcipher_recvmsg(struct kiocb
+ 	long copied = 0;
+ 
+ 	lock_sock(sk);
++	msg->msg_namelen = 0;
+ 	for (iov = msg->msg_iov, iovlen = msg->msg_iovlen; iovlen > 0;
+ 	     iovlen--, iov++) {
+ 		unsigned long seglen = iov->iov_len;
diff --git a/queue-3.8/series b/queue-3.8/series
index 09d6c0973a8..d34b83b7ab3 100644
--- a/queue-3.8/series
+++ b/queue-3.8/series
@@ -26,3 +26,4 @@ ath9k_htc-accept-1.x-firmware-newer-than-1.3.patch
 ath9k_hw-change-ar9580-initvals-to-fix-a-stability-issue.patch
 mac80211-fix-cfg80211-interaction-on-auth-assoc-request.patch
 ssb-implement-spurious-tone-avoidance.patch
+crypto-algif-suppress-sending-source-address-information.patch