Attachment 12167 Details for Bug 11955 – Fix for 4.4.next, 4.3.next.

[patch] Fix for 4.4.next, 4.3.next.

0001-lib-Fix-uninitialized-read-in-msghdr_copy.patch (text/plain), 1.29 KB, created by Jeremy Allison on 2016-06-08 17:18:51 UTC

(hide)

Description:

Filename:

MIME Type:

Creator: Jeremy Allison

Created: 2016-06-08 17:18:51 UTC

Size: 1.29 KB

patch

obsolete

>From 56ad9def111cea6b874e7e49fdfb3a02c116486f Mon Sep 17 00:00:00 2001
>From: Jeremy Allison <jra@samba.org>
>Date: Wed, 8 Jun 2016 14:34:20 +0200
>Subject: [PATCH] lib: Fix uninitialized read in msghdr_copy
>
>Signed-off-by: Jeremy Allison <jra@samba.org>
>Reviewed-by: Volker Lendecke <vl@samba.org>
>
>BUG: https://bugzilla.samba.org/show_bug.cgi?id=11955
>
>Autobuild-User(master): Volker Lendecke <vl@samba.org>
>Autobuild-Date(master): Wed Jun  8 18:34:27 CEST 2016 on sn-devel-144
>
>(cherry picked from commit 0e2711b2a0adeda6873f9c8161b9b01a56ae7098)
>---
> source3/lib/msghdr.c | 9 ++++++++-
> 1 file changed, 8 insertions(+), 1 deletion(-)
>
>diff --git a/source3/lib/msghdr.c b/source3/lib/msghdr.c
>index 2aa2f2e..6917069 100644
>--- a/source3/lib/msghdr.c
>+++ b/source3/lib/msghdr.c
>@@ -204,7 +204,14 @@ ssize_t msghdr_copy(struct msghdr_buf *msg, size_t msgsize,
> 	bufsize = (msgsize > offsetof(struct msghdr_buf, buf)) ?
> 		msgsize - offsetof(struct msghdr_buf, buf) : 0;
> 
>-	fd_len = msghdr_prep_fds(&msg->msg, msg->buf, bufsize, fds, num_fds);
>+	if (msg != NULL) {
>+		msg->msg = (struct msghdr) {};
>+
>+		fd_len = msghdr_prep_fds(&msg->msg, msg->buf, bufsize,
>+					 fds, num_fds);
>+	} else {
>+		fd_len = msghdr_prep_fds(NULL, NULL, bufsize, fds, num_fds);
>+	}
> 
> 	if (fd_len == -1) {
> 		return -1;
>-- 
>2.8.0.rc3.226.g39d4020
>

Flags:

vl: review+

Actions: View

Attachments on bug 11955: 12165 | 12167