[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 27 Nov 2013 11:32:18 +0000
From: Eric Wong <normalperson@...t.net>
To: Dan Carpenter <dan.carpenter@...cle.com>
Cc: "David S. Miller" <davem@...emloft.net>, netdev@...r.kernel.org,
security@...nel.org,
Jüri Aedla <juri.aedla@...il.com>,
stable@...nel.org
Subject: Re: [patch v2] net: heap overflow in __audit_sockaddr()
Dan Carpenter <dan.carpenter@...cle.com> wrote:
> --- a/net/socket.c
> +++ b/net/socket.c
> @@ -1964,6 +1964,16 @@ struct used_address {
> unsigned int name_len;
> };
>
> +static int copy_msghdr_from_user(struct msghdr *kmsg,
> + struct msghdr __user *umsg)
> +{
> + if (copy_from_user(kmsg, umsg, sizeof(struct msghdr)))
> + return -EFAULT;
> + if (kmsg->msg_namelen > sizeof(struct sockaddr_storage))
> + return -EINVAL;
> + return 0;
Crap, this seems to break Ruby trunk :x
https://bugs.ruby-lang.org/issues/9124
I'm inclined to think Ruby is wrong to use a gigantic buffer, but this
may also break some other existing userspace code. I'm not sure what
the best option since breaking userspace (even buggy userspace?) is not
taken lightly.
Is there a different way to fix this in the kernel?
Note: this doesn't affect a stable release of Ruby, yet.
(Not a Ruby developer myself, just occasional contributor).
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists