oss-sec mailing list archives
Re: Re: Linux kernel: more net info leak fixes for v3.9
From: Mathias Krause <minipli () googlemail com>
Date: Mon, 22 Apr 2013 14:29:48 +0200
On Mon, Apr 22, 2013 at 2:13 PM, P J P <ppandit () redhat com> wrote:
Hello,
+-- On Mon, 22 Apr 2013, cve-assign () mitre org wrote --+
| 9b3e617f3df53822345a8573b6d358f6b9e5ed87 CVE-2013-3222
Is the following call sequence correct..?
recvmsg
-> __sys_recvmsg
-> sock_recvmsg_nosec/sock_recvmsg
-> __sock_recvmsg_nosec
-> sock->ops->recvmsg
-> vcc_recvmsg
looks reasonable
If yes, *msg seems to hold the user space msghdr values. (Just to confirm)
partly... Have a look at verify_iovec()/verify_compat_iovec(). They're updating the msg_name and msg_iov pointers. Mathias
Current thread:
- Linux kernel: more net info leak fixes for v3.9 Mathias Krause (Apr 14)
- Re: Linux kernel: more net info leak fixes for v3.9 cve-assign (Apr 21)
- Re: Re: Linux kernel: more net info leak fixes for v3.9 P J P (Apr 22)
- Re: Re: Linux kernel: more net info leak fixes for v3.9 Mathias Krause (Apr 22)
- Re: Re: Linux kernel: more net info leak fixes for v3.9 P J P (Apr 22)
- Re: Re: Linux kernel: more net info leak fixes for v3.9 Mathias Krause (Apr 22)
- Re: Re: Linux kernel: more net info leak fixes for v3.9 P J P (Apr 23)
- Re: Re: Linux kernel: more net info leak fixes for v3.9 P J P (Apr 22)
- Re: Linux kernel: more net info leak fixes for v3.9 cve-assign (Apr 21)
- Re: Re: Linux kernel: more net info leak fixes for v3.9 cve-assign (Apr 22)
- Re: Re: Linux kernel: more net info leak fixes for v3.9 Greg KH (Apr 22)
- Re: Re: Linux kernel: more net info leak fixes for v3.9 Petr Matousek (Apr 23)
- Re: Re: Linux kernel: more net info leak fixes for v3.9 Mathias Krause (Apr 23)
- Re: Re: Linux kernel: more net info leak fixes for v3.9 P J P (Apr 23)