• M
    llc: fix info leak via getsockname() · 3592aaeb
    Mathias Krause 提交于
    The LLC code wrongly returns 0, i.e. "success", when the socket is
    zapped. Together with the uninitialized uaddrlen pointer argument from
    sys_getsockname this leads to an arbitrary memory leak of up to 128
    bytes kernel stack via the getsockname() syscall.
    
    Return an error instead when the socket is zapped to prevent the info
    leak. Also remove the unnecessary memset(0). We don't directly write to
    the memory pointed by uaddr but memcpy() a local structure at the end of
    the function that is properly initialized.
    Signed-off-by: NMathias Krause <minipli@googlemail.com>
    Cc: Arnaldo Carvalho de Melo <acme@ghostprotocols.net>
    Signed-off-by: NDavid S. Miller <davem@davemloft.net>
    3592aaeb
af_llc.c 31.0 KB