From: Eric Dumazet <redacted>
Date: Wed, 27 Nov 2013 13:27:46 -0800

On Wed, 2013-11-27 at 15:40 +0300, Dan Carpenter wrote:

quoted

If kmsg->msg_namelen > sizeof(struct sockaddr_storage) then in the
original code that would lead to memory corruption in the kernel if you
had audit configured.  If you didn't have audit configured it was
harmless.

There are some programs such as beta versions of Ruby which use too
large of a buffer and returning an error code breaks them.  We should
clamp the ->msg_namelen value instead.

Reported-by: Eric Wong <redacted>
Signed-off-by: Dan Carpenter <redacted>

Fixes: 1661bf364ae9 ("net: heap overflow in __audit_sockaddr()")

Acked-by: Eric Dumazet <edumazet@google.com>

Applied and queued up for -stable, thanks everyone.