Re: [PATCH] Fix memory overwriting issue when copy an address to user space

From: David Miller
Date: Fri Jul 17 2020 - 21:43:09 EST


From: lebon zhou <lebon.zhou@xxxxxxxxx>
Date: Fri, 17 Jul 2020 10:31:54 +0000

> When the application-provided buffer size is less than sockaddr_storage,
> the kernel will overwrite some memory area, which may cause memory
> corruption, e.g. in the recvmsg case, let msg_name=malloc(8) and
> msg_namelen=8; then the application can usually call recvmsg successfully,
> but the application's memory actually gets corrupted.
>
> Fix this by returning EINVAL when the application buffer size is less than
> sockaddr_storage.
>
> Signed-off-by: lebon.zhou <lebon.zhou@xxxxxxxxx>

Please post networking fixes to netdev@xxxxxxxxxxxxxxx

Thank you.
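
A way to check the scenario from the quoted commit message on a given kernel, as an added example (not code from the patch or from anyone in this thread): it hands recvmsg() an 8-byte msg_name with msg_namelen=8, places canary bytes directly after it, and counts how many canaries change. The abstract AF_UNIX socket names (Linux-specific), `NAME_BUF`, `GUARD`, `abstract_addr` and `guard_bytes_modified` are constructed for this example; recv(2) documents that an address buffer that is too small receives a truncated address and a returned length larger than the one supplied.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>

#define NAME_BUF 8     /* msg_namelen from the quoted scenario */
#define GUARD    128   /* canary bytes placed right after the 8-byte buffer */

/* Build a constructed abstract AF_UNIX address (sun_path[0] == '\0'). */
static socklen_t abstract_addr(struct sockaddr_un *a, const char *tag)
{
    memset(a, 0, sizeof *a);
    a->sun_family = AF_UNIX;
    snprintf(a->sun_path + 1, sizeof a->sun_path - 1,
             "constructed-%s-%ld", tag, (long)getpid());
    return (socklen_t)(offsetof(struct sockaddr_un, sun_path) + 1
                       + strlen(a->sun_path + 1));
}

/* Returns how many guard bytes recvmsg() changed, or -1 on setup failure.
 * *namelen_out receives msg_namelen as the kernel left it. */
int guard_bytes_modified(socklen_t *namelen_out)
{
    unsigned char area[NAME_BUF + GUARD], data[16];
    struct sockaddr_un rxa, txa;
    socklen_t rxl = abstract_addr(&rxa, "rx"), txl = abstract_addr(&txa, "tx");
    int rx = socket(AF_UNIX, SOCK_DGRAM, 0), tx = socket(AF_UNIX, SOCK_DGRAM, 0);
    int changed = -1;

    if (rx >= 0 && tx >= 0 &&
        bind(rx, (struct sockaddr *)&rxa, rxl) == 0 &&
        bind(tx, (struct sockaddr *)&txa, txl) == 0 &&   /* sender address is > 8 bytes */
        sendto(tx, "x", 1, 0, (struct sockaddr *)&rxa, rxl) == 1) {
        struct iovec iov = { .iov_base = data, .iov_len = sizeof data };
        struct msghdr msg = { .msg_name = area, .msg_namelen = NAME_BUF,
                              .msg_iov = &iov, .msg_iovlen = 1 };
        memset(area, 0xA5, sizeof area);                 /* fill buffer and guard */
        if (recvmsg(rx, &msg, 0) == 1) {
            changed = 0;
            for (size_t i = NAME_BUF; i < sizeof area; i++)
                changed += area[i] != 0xA5;              /* any write past 8 bytes */
            *namelen_out = msg.msg_namelen;
        }
    }
    if (rx >= 0) close(rx);
    if (tx >= 0) close(tx);
    return changed;
}
```

A non-zero return means bytes beyond msg_namelen were written; a returned msg_namelen greater than 8 with zero modified guard bytes means the address was truncated to the caller's length.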