diff options
| author | Al Viro <viro@ZenIV.linux.org.uk> | 2015-03-14 05:34:56 +0000 |
|---|---|---|
| committer | Ben Hutchings <ben@decadent.org.uk> | 2015-05-09 23:16:39 +0100 |
| commit | 10c82cd7d46e4c525b046c399fcd285ce138198e (patch) | |
| tree | d5c5fdf777403a8bc441cc130b821e1daf3634b3 /net | |
| parent | 57a2e91f726284b567850ffd29ff5456a25d6abb (diff) | |
| download | kernel_samsung_smdk4412-10c82cd7d46e4c525b046c399fcd285ce138198e.zip kernel_samsung_smdk4412-10c82cd7d46e4c525b046c399fcd285ce138198e.tar.gz kernel_samsung_smdk4412-10c82cd7d46e4c525b046c399fcd285ce138198e.tar.bz2 | |
rxrpc: bogus MSG_PEEK test in rxrpc_recvmsg()
[ Upstream commit 7d985ed1dca5c90535d67ce92ef6ca520302340a ]
[I would really like an ACK on that one from dhowells; it appears to be
quite straightforward, but...]
MSG_PEEK isn't passed to ->recvmsg() via msg->msg_flags; as the matter of
fact, neither the kernel users of rxrpc, nor the syscalls ever set that bit
in there. It gets passed via flags; in fact, another such check in the same
function is done correctly - as flags & MSG_PEEK.
It had been that way (effectively disabled) for 8 years, though, so the patch
needs beating up - that case had never been tested. If it is correct, it's
-stable fodder.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Diffstat (limited to 'net')
| -rw-r--r-- | net/rxrpc/ar-recvmsg.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/net/rxrpc/ar-recvmsg.c b/net/rxrpc/ar-recvmsg.c index 898492a..5cc2da5 100644 --- a/net/rxrpc/ar-recvmsg.c +++ b/net/rxrpc/ar-recvmsg.c @@ -87,7 +87,7 @@ int rxrpc_recvmsg(struct kiocb *iocb, struct socket *sock, if (!skb) { /* nothing remains on the queue */ if (copied && - (msg->msg_flags & MSG_PEEK || timeo == 0)) + (flags & MSG_PEEK || timeo == 0)) goto out; /* wait for a message to turn up */ |