2d6fbfe733
The current code does not fill the msg_name member in case it is set. It also does not set the msg_namelen member to 0 and therefore makes net/socket.c leak the local, uninitialized sockaddr_storage variable to userland -- 128 bytes of kernel stack memory. Fix that by simply setting msg_namelen to 0 as obviously nobody cared about caif_seqpkt_recvmsg() not filling the msg_name in case it was set. Cc: Sjur Braendeland <sjur.brandeland@stericsson.com> Signed-off-by: Mathias Krause <minipli@googlemail.com> Signed-off-by: David S. Miller <davem@davemloft.net> |
||
---|---|---|
.. | ||
Kconfig | ||
Makefile | ||
caif_dev.c | ||
caif_socket.c | ||
caif_usb.c | ||
cfcnfg.c | ||
cfctrl.c | ||
cfdbgl.c | ||
cfdgml.c | ||
cffrml.c | ||
cfmuxl.c | ||
cfpkt_skbuff.c | ||
cfrfml.c | ||
cfserl.c | ||
cfsrvl.c | ||
cfutill.c | ||
cfveil.c | ||
cfvidl.c | ||
chnl_net.c |