    [NET]: Fix memory leak in sys_{send,recv}msg() w/compat · d64d3873
    Andrew Morton authored
    From: Dave Johnson <djohnson+linux-kernel@sw.starentnetworks.com>
    
    sendmsg()/recvmsg() syscalls from o32/n32 apps to a 64bit kernel will
    cause a kernel memory leak if iov_len > UIO_FASTIOV for each syscall!
    
    This is because both sys_sendmsg() and verify_compat_iovec() kmalloc a
    new iovec structure.  Only the one from sys_sendmsg() is free'ed.
    
    I wrote a simple test program to confirm this after identifying the
    problem:
    
    http://davej.org/programs/testsendmsg.c
    
    Note that the below fix will break solaris_sendmsg()/solaris_recvmsg() as
    it also calls verify_compat_iovec() but expects it to malloc internally.
    
    [ I fixed that. -DaveM ]
    Signed-off-by: Andrew Morton <akpm@osdl.org>
    Signed-off-by: David S. Miller <davem@davemloft.net>
socket.c 12.1 KB
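
A userspace model of the double allocation the commit message describes, added here as an illustration; it is not the kernel code or the patch. The `verify_leaky`/`verify_fixed` helpers, the allocation counter and the shape of the fixed helper are assumptions; only `UIO_FASTIOV` and the caller-plus-helper allocation pattern come from the message.

```c
#include <stdio.h>
#include <stdlib.h>

#define UIO_FASTIOV 8            /* entries in the on-stack fast-path array */
struct iov_model { void *base; size_t len; };   /* stand-in for struct iovec */
static int live_allocs;          /* outstanding heap blocks (models kmalloc/kfree) */

static void *model_alloc(size_t n) { void *p = malloc(n); if (p) live_allocs++; return p; }
static void model_free(void *p) { if (p) { live_allocs--; free(p); } }

/* Leaky helper: allocates its own array for large vectors, ignoring the caller's. */
static struct iov_model *verify_leaky(struct iov_model *caller_buf, size_t iovlen)
{
    if (iovlen > UIO_FASTIOV)
        return model_alloc(iovlen * sizeof(struct iov_model));
    return caller_buf;
}

/* Fixed helper (assumed shape): never allocates, always uses the caller's array. */
static struct iov_model *verify_fixed(struct iov_model *caller_buf, size_t iovlen)
{
    (void)iovlen;
    return caller_buf;
}

typedef struct iov_model *(*verify_fn)(struct iov_model *, size_t);

/* Models one syscall; returns how many heap blocks are still live afterwards. */
static int sendmsg_model(verify_fn verify, size_t iovlen)
{
    struct iov_model fast[UIO_FASTIOV], *iov = fast, *used;
    int before = live_allocs;
    if (iovlen > UIO_FASTIOV && !(iov = model_alloc(iovlen * sizeof(*iov))))
        return -1;
    used = verify(iov, iovlen);
    for (size_t i = 0; used && i < iovlen; i++)
        used[i].len = 0;         /* stands in for copying the user's iovecs */
    if (iov != fast)
        model_free(iov);         /* only the caller's own allocation is released */
    return live_allocs - before;
}

int main(void)
{
    printf("leaky, 8 iovecs: %d\n", sendmsg_model(verify_leaky, UIO_FASTIOV));
    printf("leaky, 9 iovecs: %d\n", sendmsg_model(verify_leaky, UIO_FASTIOV + 1));
    printf("fixed, 9 iovecs: %d\n", sendmsg_model(verify_fixed, UIO_FASTIOV + 1));
    return 0;
}
```

Each call above the fast-path threshold leaves one block behind in the leaky model, which is why the leak in the message accrues per syscall.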