af_iucv: exploit target message class support of IUCV

The first 4 bytes of data to be sent are stored additionally into the message class field of the send request. A receiving target program (not an af_iucv socket program) can make use of this information to pre-screen incoming messages. Signed-off-by: N Ursula Braun <braunu@de.ibm.com> Signed-off-by: N David S. Miller <davem@davemloft.net>

af_iucv: exploit target message class support of IUCV
The first 4 bytes of data to be sent are stored additionally into the message class field of the send request. A receiving target program (not an af_iucv socket program) can make use of this information to pre-screen incoming messages. Signed-off-by: N Ursula Braun <braunu@de.ibm.com> Signed-off-by: N David S. Miller <davem@davemloft.net>
469689a4 · Ursula Braun · David S. Miller · 7b9d1b22 · 469689a4
隐藏空白更改
内联并排

Showing with 1 addition and 0 deletion

net/iucv/af_iucv.c net/iucv/af_iucv.c +1 -0

未找到文件。
--- a/net/iucv/af_iucv.c
+++ b/net/iucv/af_iucv.c
@@ -644,6 +644,7 @@ static int iucv_sock_sendmsg(struct kiocb *iocb, struct socket *sock,
 		}

 		txmsg.class = 0;
+		memcpy(&txmsg.class, skb->data, skb->len >= 4 ? 4 : skb->len);
 		txmsg.tag = iucv->send_tag++;
 		memcpy(skb->cb, &txmsg.tag, 4);
 		skb_queue_tail(&iucv->send_skb_q, skb);