3592aaeb80
The LLC code wrongly returns 0, i.e. "success", when the socket is zapped. Together with the uninitialized uaddrlen pointer argument from sys_getsockname this leads to an arbitrary memory leak of up to 128 bytes kernel stack via the getsockname() syscall. Return an error instead when the socket is zapped to prevent the info leak. Also remove the unnecessary memset(0). We don't directly write to the memory pointed by uaddr but memcpy() a local structure at the end of the function that is properly initialized. Signed-off-by: Mathias Krause <minipli@googlemail.com> Cc: Arnaldo Carvalho de Melo <acme@ghostprotocols.net> Signed-off-by: David S. Miller <davem@davemloft.net> |
||
---|---|---|
.. | ||
af_llc.c | ||
Kconfig | ||
llc_c_ac.c | ||
llc_c_ev.c | ||
llc_c_st.c | ||
llc_conn.c | ||
llc_core.c | ||
llc_if.c | ||
llc_input.c | ||
llc_output.c | ||
llc_pdu.c | ||
llc_proc.c | ||
llc_s_ac.c | ||
llc_s_ev.c | ||
llc_s_st.c | ||
llc_sap.c | ||
llc_station.c | ||
Makefile | ||
sysctl_net_llc.c |