From 8920e8f94c44e31a73bdf923b04721e26e88cadd Mon Sep 17 00:00:00 2001 From: Al Viro Date: Wed, 7 Sep 2005 18:28:51 -0700 Subject: [PATCH] Fix 32bit sendmsg() flaw When we copy 32bit ->msg_control contents to kernel, we walk the same userland data twice without sanity checks on the second pass. Second version of this patch: the original broke with 64-bit arches running 32-bit-compat-mode executables doing sendmsg() syscalls with unaligned CMSG data areas Another thing is that we use kmalloc() to allocate and sock_kfree_s() to free afterwards; less serious, but also needs fixing. Signed-off-by: Al Viro Signed-off-by: David Woodhouse Signed-off-by: Chris Wright Signed-off-by: Linus Torvalds
---
 include/net/compat.h | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'include/net/compat.h')
diff --git a/include/net/compat.h b/include/net/compat.h
index 9983fd857804..482eb820f13a 100644
--- a/include/net/compat.h
+++ b/include/net/compat.h
@@ -33,7 +33,7 @@ extern asmlinkage long compat_sys_sendmsg(int,struct compat_msghdr __user *,unsi
 extern asmlinkage long compat_sys_recvmsg(int,struct compat_msghdr __user *,unsigned);
 extern asmlinkage long compat_sys_getsockopt(int, int, int, char __user *, int __user *);
 extern int put_cmsg_compat(struct msghdr*, int, int, int, void *);
-extern int cmsghdr_from_user_compat_to_kern(struct msghdr *, unsigned char *,
+extern int cmsghdr_from_user_compat_to_kern(struct msghdr *, struct sock *, unsigned char *,
 int);
 
 #endif /* NET_COMPAT_H */
-- 
cgit v1.2.2
From e50ef933e649a2b43aa10c8a60c491543b8b4c02 Mon Sep 17 00:00:00 2001
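Review bot: The changed prototype in the first patch's hunk uses `struct sock *` in its parameter list, but nothing visible in this header declares `struct sock` before it. A translation unit that includes net/compat.h before any definition of that struct gets a type scoped to this one declaration and the "declared inside parameter list" warning. A forward declaration `struct sock;` above the prototype avoids that; the follow-up commit on this page adds that line. Only the header is shown (the view is limited to include/net/compat.h), so the copy-in change that the message describes, the second unchecked pass over the user's control data, cannot be reviewed from this hunk.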
From: "David S. Miller" Date: Thu, 8 Sep 2005 12:32:46 -0700 Subject: [NET]: Need struct sock forward decl in net/compat.h Else we get build failures like: CC arch/sparc64/kernel/sparc64_ksyms.o In file included from arch/sparc64/kernel/sparc64_ksyms.c:28: include/net/compat.h:37: warning: "struct sock" declared inside parameter list include/net/compat.h:37: warning: its scope is only this definition or declaration, which is probably not what you want Signed-off-by: David S. Miller
---
 include/net/compat.h | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
(limited to 'include/net/compat.h')
diff --git a/include/net/compat.h b/include/net/compat.h
index 482eb820f13a..290bab46d457 100644
--- a/include/net/compat.h
+++ b/include/net/compat.h
@@ -33,7 +33,8 @@ extern asmlinkage long compat_sys_sendmsg(int,struct compat_msghdr __user *,unsi
 extern asmlinkage long compat_sys_recvmsg(int,struct compat_msghdr __user *,unsigned);
 extern asmlinkage long compat_sys_getsockopt(int, int, int, char __user *, int __user *);
 extern int put_cmsg_compat(struct msghdr*, int, int, int, void *);
-extern int cmsghdr_from_user_compat_to_kern(struct msghdr *, struct sock *, unsigned char *,
- int);
+
+struct sock;
+extern int cmsghdr_from_user_compat_to_kern(struct msghdr *, struct sock *, unsigned char *, int);
 
 #endif /* NET_COMPAT_H */
-- 
cgit v1.2.2
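Review bot: The joined prototype on the new side still has four unnamed parameters, so the header does not tell a caller which pointer is which or what the trailing `int` bounds. Naming them would make the contract readable, for example `struct msghdr *kmsg, struct sock *sk, unsigned char *stackbuf, int stackbuf_size`; the names need checking against the definition, which is not on this page. The line should also be wrapped to stay within 80 columns. A short comment such as `/* copies 32-bit cmsgs from userland; may allocate against sk, caller frees with sock_kfree_s() */` would help if it matches the implementation. The first commit message suggests it does, but the .c file is not shown.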