From: Alexander Potapenko <gli...@google.com>
Date: Mon, 24 Apr 2017 14:59:14 +0200

> In the case getsockopt() is called with PACKET_HDRLEN and optlen < 4
> |val| remains uninitialized and the syscall may behave differently
> depending on its value. This doesn't have security consequences (as the
> uninit bytes aren't copied back), but it's still cleaner to initialize
> |val| and ensure optlen is not less than sizeof(int).
>
> This bug has been detected with KMSAN.
>
> Signed-off-by: Alexander Potapenko <gli...@google.com>
> ---
> v2: - if len < sizeof(int), make it 0

No, you should signal an error if the len is too small.

Returning zero bytes to userspace silently makes the user think that
he got the data he asked for.
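
The difference between the v2 behaviour and the one asked for in the reply, as an added userspace model; it is not code from the patch or from the kernel. The function names, the `policy` enum and the sample option value 28 are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical model of a getsockopt() handler for an int-valued option.
 * Names are illustrative; this is not the kernel's handler. */
enum policy { TRUNCATE_TO_ZERO, REJECT_SHORT };

/* optval/optlen stand in for the user-supplied buffers; value is the option
 * data. Returns 0 or a negative errno, as a kernel handler would. */
static int model_getsockopt_int(enum policy p, int value,
                                void *optval, int *optlen)
{
    int len = *optlen;

    if (len < (int)sizeof(int)) {
        if (p == REJECT_SHORT)
            return -EINVAL;   /* caller learns the buffer was too small */
        len = 0;              /* v2 behaviour: report success, copy nothing */
    } else {
        len = sizeof(int);
    }
    memcpy(optval, &value, (size_t)len);
    *optlen = len;
    return 0;
}

/* A caller that checks only the return value and never re-reads optlen. */
static int caller_reads_option(enum policy p, int *out)
{
    short small = 0x5a5a;     /* constructed 2-byte buffer with stale data */
    int optlen = sizeof(small);
    int rc = model_getsockopt_int(p, 28, &small, &optlen);

    *out = small;             /* still the stale value if nothing was copied */
    return rc;
}

int main(void)
{
    int out, rc;

    rc = caller_reads_option(TRUNCATE_TO_ZERO, &out);
    printf("len=0 policy:   rc=%d value=0x%x (stale, yet reported as success)\n", rc, out);
    rc = caller_reads_option(REJECT_SHORT, &out);
    printf("-EINVAL policy: rc=%d (caller can detect the short buffer)\n", rc);
    return 0;
}
```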