Kees Cook writes:
> On Wed, Nov 1, 2017 at 5:48 AM, Eric W. Biederman wrote:
>> Eric Dumazet writes:
>>
>>> On Tue, 2017-10-31 at 09:14 -0700, Kees Cook wrote:
>>>> Some protocols do not correctly wipe the contents of the on-stack
>>>> struct sockaddr_storage sent down into recvmsg() (e.g. S
On Wed, Nov 1, 2017 at 7:23 PM, Kees Cook wrote:
> On Wed, Nov 1, 2017 at 5:48 AM, Eric W. Biederman wrote:
>> Eric Dumazet writes:
>>
>>> On Tue, 2017-10-31 at 09:14 -0700, Kees Cook wrote:
>>>> Some protocols do not correctly wipe the contents of the on-stack
>>>> struct sockaddr_storage se
On Wed, Nov 1, 2017 at 5:48 AM, Eric W. Biederman wrote:
> Eric Dumazet writes:
>
>> On Tue, 2017-10-31 at 09:14 -0700, Kees Cook wrote:
>>> Some protocols do not correctly wipe the contents of the on-stack
>>> struct sockaddr_storage sent down into recvmsg() (e.g. SCTP), and leak
>>> kernel stac
Eric Dumazet writes:
> On Tue, 2017-10-31 at 09:14 -0700, Kees Cook wrote:
>> Some protocols do not correctly wipe the contents of the on-stack
>> struct sockaddr_storage sent down into recvmsg() (e.g. SCTP), and leak
>> kernel stack contents to userspace. This wipes it unconditionally before
>>
On Tue, Oct 31, 2017 at 09:14:45AM -0700, Kees Cook wrote:
> diff --git a/net/socket.c b/net/socket.c
> index c729625eb5d3..34183f4fbdf8 100644
> --- a/net/socket.c
> +++ b/net/socket.c
> @@ -2188,6 +2188,7 @@ static int ___sys_recvmsg(struct socket *sock, struct
> user_msghdr __user *msg,
>
On Tue, 2017-10-31 at 09:14 -0700, Kees Cook wrote:
> Some protocols do not correctly wipe the contents of the on-stack
> struct sockaddr_storage sent down into recvmsg() (e.g. SCTP), and leak
> kernel stack contents to userspace. This wipes it unconditionally before
> per-protocol handlers run.
>
Some protocols do not correctly wipe the contents of the on-stack
struct sockaddr_storage sent down into recvmsg() (e.g. SCTP), and leak
kernel stack contents to userspace. This wipes it unconditionally before
per-protocol handlers run.
Note that leaks like this are mitigated by building with
CONF