authorOlaf Hering <olaf@aepfle.de>2012-05-31 16:40:06 +0200
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>2013-10-13 14:51:09 -0700
commitfd819bdaa91422cf6b568bb76c40d0e5d8fbddaf (patch)
tree830af09bc73037833e0183678f2f4749757a46e8 /drivers
parent7b3c1a8576716d825c73ac1739b2b3f0d7226dcf (diff)
Tools: hv: verify origin of netlink connector message
commit bcc2c9c3fff859e0eb019fe6fec26f9b8eba795c upstream. The SuSE security team suggested using recvfrom instead of recv to be certain that the connector message originated from the kernel. CVE-2012-2669 Signed-off-by: Olaf Hering <olaf@aepfle.de> Signed-off-by: Marcus Meissner <meissner@suse.de> Signed-off-by: Sebastian Krahmer <krahmer@suse.de> Signed-off-by: K. Y. Srinivasan <kys@microsoft.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Diffstat (limited to 'drivers')
-rw-r--r--drivers/staging/hv/tools/hv_kvp_daemon.c10
1 files changed, 7 insertions, 3 deletions
diff --git a/drivers/staging/hv/tools/hv_kvp_daemon.c b/drivers/staging/hv/tools/hv_kvp_daemon.c
index 33f0f1c..1468a01 100644
--- a/drivers/staging/hv/tools/hv_kvp_daemon.c
+++ b/drivers/staging/hv/tools/hv_kvp_daemon.c
@@ -378,14 +378,18 @@ int main(void)
pfd.fd = fd;
while (1) {
+ struct sockaddr *addr_p = (struct sockaddr *) &addr;
+ socklen_t addr_l = sizeof(addr);
pfd.events = POLLIN;
pfd.revents = 0;
poll(&pfd, 1, -1);
- len = recv(fd, kvp_recv_buffer, sizeof(kvp_recv_buffer), 0);
+ len = recvfrom(fd, kvp_recv_buffer, sizeof(kvp_recv_buffer), 0,
+ addr_p, &addr_l);
- if (len < 0) {
- syslog(LOG_ERR, "recv failed; error:%d", len);
+ if (len < 0 || addr.nl_pid) {
+ syslog(LOG_ERR, "recvfrom failed; pid:%u error:%d %s",
+ addr.nl_pid, errno, strerror(errno));
close(fd);
return -1;
}
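Review bot: The combined test `if (len < 0 || addr.nl_pid)` treats a message from a non-kernel sender as a fatal receive error, so a single datagram with a non-zero `nl_pid` makes the daemon close the socket and return -1, which turns the origin check into a way to stop the service. In that case `recvfrom()` has succeeded, so the `errno` and `strerror(errno)` values in the "recvfrom failed" log line are stale and misleading. Keep `if (len < 0) {` for the fatal path and handle the origin check on its own by dropping the message, e.g. `if (addr.nl_pid) { syslog(LOG_WARNING, "Received packet from untrusted pid:%u", addr.nl_pid); continue; }`. `addr` is declared outside the hunk and the body of `main` continues past it, so this assumes `addr` is the `struct sockaddr_nl` used for the socket.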