This is a note to let you know that I've just added the patch titled net: add BUG_ON if kernel advertises msg_namelen > sizeof(struct sockaddr_storage) to the 3.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: net-add-bug_on-if-kernel-advertises-msg_namelen-sizeof-struct-sockaddr_storage.patch and it can be found in the queue-3.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let <stable@xxxxxxxxxxxxxxx> know about it. >From 763799b13192e076a22f19ac4cdeb50ab1e3e3b9 Mon Sep 17 00:00:00 2001 From: Hannes Frederic Sowa <hannes@xxxxxxxxxxxxxxxxxxx> Date: Thu, 21 Nov 2013 03:14:34 +0100 Subject: net: add BUG_ON if kernel advertises msg_namelen > sizeof(struct sockaddr_storage) From: Hannes Frederic Sowa <hannes@xxxxxxxxxxxxxxxxxxx> [ Upstream commit 68c6beb373955da0886d8f4f5995b3922ceda4be ] In that case it is probable that kernel code overwrote part of the stack. So we should bail out loudly here. The BUG_ON may be removed in future if we are sure all protocols are conformant. Suggested-by: Eric Dumazet <eric.dumazet@xxxxxxxxx> Signed-off-by: Hannes Frederic Sowa <hannes@xxxxxxxxxxxxxxxxxxx> Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx> Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> --- net/socket.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) --- a/net/socket.c +++ b/net/socket.c @@ -215,12 +215,13 @@ static int move_addr_to_user(struct sock int err; int len; + BUG_ON(klen > sizeof(struct sockaddr_storage)); err = get_user(len, ulen); if (err) return err; if (len > klen) len = klen; - if (len < 0 || len > sizeof(struct sockaddr_storage)) + if (len < 0) return -EINVAL; if (len) { if (audit_sockaddr(klen, kaddr)) Patches currently in stable-queue which might be from hannes@xxxxxxxxxxxxxxxxxxx are queue-3.4/inet-prevent-leakage-of-uninitialized-memory-to-user-in-recv-syscalls.patch queue-3.4/net-rework-recvmsg-handler-msg_name-and-msg_namelen-logic.patch queue-3.4/ipv6-use-rt6_get_dflt_router-to-get-default-router-in-rt6_route_rcv.patch queue-3.4/ipv6-fix-possible-seqlock-deadlock-in-ip6_finish_output2.patch queue-3.4/net-add-bug_on-if-kernel-advertises-msg_namelen-sizeof-struct-sockaddr_storage.patch queue-3.4/random32-fix-off-by-one-in-seeding-requirement.patch queue-3.4/inet-fix-possible-seqlock-deadlocks.patch queue-3.4/inet-fix-addr_len-msg-msg_namelen-assignment-in-recv_error-and-rxpmtu-functions.patch queue-3.4/ipv6-fix-leaking-uninitialized-port-number-of-offender-sockaddr.patch -- To unsubscribe from this list: send the line "unsubscribe stable" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html