oss-sec mailing list archives

Re: CVE split and a missed file


From: cve-assign () mitre org
Date: Thu, 9 Jan 2014 17:01:16 -0500 (EST)

 -> net/ax25/af_ax25.c

The unpatched code does not have the fundamental problem of updating
msg_namelen in a situation where "sax" is uninitialized.

 -> net/rose/af_rose.c

The unpatched code does not have the fundamental problem of updating
msg_namelen in a situation where "srose" is uninitialized.

 -> net/compat.c

This is for the case of a nonzero msg_namelen accompanied by a NULL
msg_name, as mentioned in the comment in the commit. The same choice
was made in net/core/iovec.c (a file that you didn't ask about).

 -> net/socket.c

Lack of "msg_namelen = 0" statements is not something that would
really be considered a vulnerability in the previous net/socket.c
implementation. From the perspective of net/socket.c itself, the
"msg_namelen = 0" additions are a design improvement that can
contribute to the security of other code.

 -> net/rxrpc/ar-recvmsg.c

The complete absence of a "msg_namelen =" statement in the unpatched
code seems to be a bug, but it's not the same as updating msg_namelen
in an uninitialized-data situation.

-- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
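
The distinction drawn in the message above, as an added illustration that is not part of the original email or of the kernel source: a simplified userspace C model in which every name (`model_msghdr`, the two handlers, `stale_bytes_returned`), the 16-byte and 8-byte sizes, and the "length starts at buffer size" behaviour of the non-zeroing layer are assumptions. It counts how many never-written bytes reach the caller when a handler updates `msg_namelen` without filling the address, and what changes when the socket layer starts from `msg_namelen = 0`.

```c
/* Simplified userspace model, not kernel code. All names are hypothetical. */
#include <stdio.h>
#include <string.h>

#define ADDR_MAX 16   /* size of the socket layer's address buffer (assumed) */
#define ADDR_LEN 8    /* size of the address a handler reports (assumed) */
#define STALE 0xAA    /* marker standing in for uninitialized stack bytes */

struct model_msghdr { unsigned char *msg_name; int msg_namelen; };
typedef void (*recv_handler)(struct model_msghdr *m, int have_addr);

/* Pattern the email calls the fundamental problem: msg_namelen is updated
 * even on the path where the address structure was never written. */
static void handler_len_without_fill(struct model_msghdr *m, int have_addr)
{
    if (have_addr)
        memset(m->msg_name, 0x11, ADDR_LEN);
    m->msg_namelen = ADDR_LEN;
}

/* msg_namelen is updated only on the path that fills the address. */
static void handler_len_after_fill(struct model_msghdr *m, int have_addr)
{
    if (have_addr) {
        memset(m->msg_name, 0x11, ADDR_LEN);
        m->msg_namelen = ADDR_LEN;
    }
}

/* Socket-layer model: runs a handler, copies msg_namelen bytes out to the
 * caller, and returns how many of those bytes were never initialized. */
static int stale_bytes_returned(recv_handler h, int have_addr, int layer_zeroes_len)
{
    unsigned char kaddr[ADDR_MAX], out[ADDR_MAX];
    struct model_msghdr m = { kaddr, layer_zeroes_len ? 0 : ADDR_MAX };
    int i, stale = 0;

    memset(kaddr, STALE, sizeof kaddr);
    h(&m, have_addr);
    memcpy(out, kaddr, (size_t)m.msg_namelen);   /* copy-out to the caller */
    for (i = 0; i < m.msg_namelen; i++)
        stale += (out[i] == STALE);
    return stale;
}

int main(void)
{
    printf("len without fill, no addr: %d\n", stale_bytes_returned(handler_len_without_fill, 0, 1));
    printf("len after fill, no addr:   %d\n", stale_bytes_returned(handler_len_after_fill, 0, 1));
    return 0;
}
```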

