[PATCH] Fix 32bit sendmsg() flaw
When we copy 32bit ->msg_control contents to kernel, we walk the same userland data twice without sanity checks on the second pass. Second version of this patch: the original broke with 64-bit arches running 32-bit-compat-mode executables doing sendmsg() syscalls with unaligned CMSG data areas Another thing is that we use kmalloc() to allocate and sock_kfree_s() to free afterwards; less serious, but also needs fixing. Signed-off-by: NAl Viro <viro@zeniv.linux.org.uk> Signed-off-by: NDavid Woodhouse <dwmw2@infradead.org> Signed-off-by: NChris Wright <chrisw@osdl.org> Signed-off-by: NLinus Torvalds <torvalds@osdl.org>
Showing
想要评论请 注册 或 登录