On Fri, 2015-05-15 at 10:05 +0200, Willy Tarreau wrote:
> 2.6.32-longterm review patch. If anyone has any objections, please let me know.
>
> ------------------
>
> From: Ani Sinha <ani@xxxxxxxxxx>
>
> commit 6a2a2b3ae0759843b22c929881cc184b00cc63ff upstream.
>
> Linux manpage for recvmsg and sendmsg calls does not explicitly mention setting msg_namelen to 0 when
> msg_name passed set as NULL. When developers don't set msg_namelen member in msghdr, it might contain garbage
> value which will fail the validation check and sendmsg and recvmsg calls from kernel will return EINVAL. This will
> break old binaries and any code for which there is no access to source code.
> To fix this, we set msg_namelen to 0 when msg_name is passed as NULL from userland.
[...]
I think you'll also want this related fix:
commit 91edd096e224941131f896b86838b1e59553696a
Author: Catalin Marinas <catalin.marinas@xxxxxxx>
Date: Fri Mar 20 16:48:13 2015 +0000
net: compat: Update get_compat_msghdr() to match copy_msghdr_from_user() behaviour
Ben.
--
Ben Hutchings
It is impossible to make anything foolproof because fools are so ingenious.
Attachment:
signature.asc
Description: This is a digitally signed message part