oss-sec mailing list archives

CVE Request -- kernel: recv{from,msg}() on an rds socket can leak kernel memory


From: Petr Matousek <pmatouse () redhat com>
Date: Thu, 26 Jul 2012 17:25:12 +0200

Two similar issues:

1) Reported by Jay Fenlason and Doug Ledford:
recvfrom() on an RDS socket can disclose sizeof(struct
sockaddr_storage)-sizeof(struct sockaddr_in) bytes of kernel stack to
userspace when receiving a datagram.

2) Reported by Jay Fenlason:
recv{from,msg}() on an RDS socket can disclose sizeof(struct
sockaddr_storage) bytes of kernel stack to userspace when other code
paths are taken.

Both issues end in rds_recvmsg() so one CVE is sufficient.

Upstream commit:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=06b6a1cf6e776426766298d055bb3991957d90a7

Thanks,
-- 
Petr Matousek / Red Hat Security Response Team
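As an added illustration of the disclosure described above (not code from this post or from the kernel), the userland C model below mimics the recvfrom() path: a struct sockaddr_storage on the stack prefilled with a marker byte, a protocol handler that may or may not write a sockaddr_in into it, and a copy of msg_namelen bytes back to the caller. The modelled fix (defaulting msg_namelen to 0 and setting it to sizeof(struct sockaddr_in) only once an address has been written) is my reading of the upstream commit and is stated here as an assumption; the byte counts assume the usual Linux sizes of 128 for sockaddr_storage and 16 for sockaddr_in.

```c
/* Userland model, not kernel code: the kernel's recvfrom path puts a
 * struct sockaddr_storage on its stack, lets the protocol fill it, then
 * copies msg_namelen bytes to user space. A protocol that never updates
 * msg_namelen makes that copy sizeof(struct sockaddr_storage) long. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>

#define STALE 0xAA /* constructed marker standing in for leftover stack data */

struct msg_model { void *msg_name; size_t msg_namelen; };
static unsigned char user_buf[sizeof(struct sockaddr_storage)];

/* Model of the protocol's recvmsg(): fill_addr=1 is the path that writes a
 * sockaddr_in (issue 1), fill_addr=0 a path that writes nothing (issue 2);
 * fixed=1 applies the assumed upstream fix of maintaining msg_namelen. */
static void proto_recvmsg(struct msg_model *m, int fill_addr, int fixed)
{
    if (fixed)
        m->msg_namelen = 0;                /* no address until one is written */
    if (fill_addr) {
        struct sockaddr_in *sin = m->msg_name;
        sin->sin_family = AF_INET;         /* constructed sample peer */
        sin->sin_port = htons(18634);
        sin->sin_addr.s_addr = htonl(0x0a000001);
        memset(sin->sin_zero, 0, sizeof(sin->sin_zero));
        if (fixed)
            m->msg_namelen = sizeof(*sin); /* report only what was written */
    }
}

/* Model of the syscall wrapper: returns how many stale bytes reached
 * user_buf, i.e. the size of the kernel stack disclosure. */
size_t recvfrom_model(int fill_addr, int fixed)
{
    struct sockaddr_storage address;
    struct msg_model m = { &address, sizeof(address) };
    size_t leaked = 0;

    memset(&address, STALE, sizeof(address));  /* stale stack contents */
    proto_recvmsg(&m, fill_addr, fixed);
    memcpy(user_buf, &address, m.msg_namelen); /* copy_to_user() stand-in */
    for (size_t i = 0; i < m.msg_namelen; i++)
        leaked += (user_buf[i] == STALE);
    return leaked;                             /* 112, 128, 0, 0 for the four cases */
}
```

recvfrom_model(1, 0) models issue 1 (sockaddr_in written, length never corrected), recvfrom_model(0, 0) issue 2 (no address written at all), and the fixed=1 variants leak nothing.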

