path: root/lib
diff options
authorAl Viro <>2005-09-07 18:28:51 -0700
committerLinus Torvalds <>2005-09-08 08:14:11 -0700
commit8920e8f94c44e31a73bdf923b04721e26e88cadd (patch)
tree7a0195643c37c63335224358256fab8cd445a671 /lib
parent5aa3b610a7330c3cd6f0cb264d2189a3a1dcf534 (diff)
[PATCH] Fix 32bit sendmsg() flaw
When we copy 32bit ->msg_control contents to kernel, we walk the same userland data twice without sanity checks on the second pass. Second version of this patch: the original broke with 64-bit arches running 32-bit-compat-mode executables doing sendmsg() syscalls with unaligned CMSG data areas Another thing is that we use kmalloc() to allocate and sock_kfree_s() to free afterwards; less serious, but also needs fixing. Signed-off-by: Al Viro <> Signed-off-by: David Woodhouse <> Signed-off-by: Chris Wright <> Signed-off-by: Linus Torvalds <>
Diffstat (limited to 'lib')
0 files changed, 0 insertions, 0 deletions