In the kernel bug (https://bugs.launchpad.net/ubuntu/+source/linux-lts-trusty/+bug/1335478?comments=all),
the kernel developer who is patching the kernel for the bindsock issues says
the root issue is in bindsock, not in the kernel:
@Ben -- the code is clear, the issue is the API is
not clear. These issues have occurred because the userspace program is
passing in junk in one of the fields of the structure it passes to the
kernel, literally random bits from its stack. In attempting to validate
those to prevent security issues this userspace application has been caught
out. The main issue is the documentation for the call can be read to say
you do not need to fill in that field under some circumstances, a failure
in the documentation, but given that the validation needs to be more targeted;
and this final fix does that, zapping the "not needed to be filled
value" to zero when it is not required to avoid validation failures.
The new code also documents this ABI weakness so that it should not occur.
Of course none of that excuses the userspace programmer
from not initialising this structure sensibly regardless of the documentation.
It is plain sloppy practice.
He has also provided a way to confirm
the bug:
The attached test.c should tickle this bug, sendmsg
should return ret=4 errno=0 when the fix is applied, ret=-1 errno=22 when
it is not.
https://bugs.launchpad.net/ubuntu/+source/linux-lts-trusty/+bug/1335478/+attachment/4284352/+files/test.c
I just opened up PMR 41425 227 000 to try to get this fixed
for good.
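The practice the kernel developer is asking for, a struct msghdr with every field explicitly initialised before it reaches sendmsg(), is illustrated by the following added example. It is not the bug's test.c and not code from the kernel or from the application in question; it sends four bytes over an AF_UNIX socketpair once with a fully zeroed msghdr and once with msg_name left NULL but a fixed junk value (0xdeadbeef, standing in for the "random bits from its stack" the comment describes) placed in msg_namelen. The clean case should give ret=4 errno=0 on any kernel; what the junk case gives depends on the kernel you run it on, which is exactly the point of the comment, so only the clean case is treated as a fixed expectation here.

```c
/* Added example, not the bug's test.c: a properly initialised struct msghdr
 * versus one carrying junk in msg_namelen, sent over an AF_UNIX socketpair. */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <sys/uio.h>
#include <unistd.h>

/* Outcome of one sendmsg() call, in the same shape the bug comment reports
 * ("ret=4 errno=0"). */
struct send_result {
    ssize_t ret;
    int err;
};

/* Send four bytes on a connected socket. When junk_namelen is non-zero the
 * value is written into msg_namelen while msg_name stays NULL: the shape of
 * the userspace mistake described in the comment, here simulated with a
 * constant rather than genuinely uninitialised stack memory. */
static struct send_result send_four_bytes(int fd, socklen_t junk_namelen)
{
    char payload[4] = { 'p', 'i', 'n', 'g' };   /* constructed 4-byte message */
    struct iovec iov = { .iov_base = payload, .iov_len = sizeof payload };

    /* Designated initialiser: every field, named or not, starts at zero.
     * Nothing in the structure is left to whatever the stack held before. */
    struct msghdr msg = {
        .msg_name = NULL,
        .msg_namelen = 0,
        .msg_iov = &iov,
        .msg_iovlen = 1,
        .msg_control = NULL,
        .msg_controllen = 0,
        .msg_flags = 0,
    };
    msg.msg_namelen = junk_namelen;   /* 0 for the clean case */

    struct send_result r;
    errno = 0;
    r.ret = sendmsg(fd, &msg, 0);
    r.err = (r.ret < 0) ? errno : 0;
    return r;
}

/* Create a socketpair, run one send, drain the peer and close both ends. */
static struct send_result run_case(socklen_t junk_namelen)
{
    int sv[2];
    struct send_result r = { .ret = -1, .err = 0 };

    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) {
        r.err = errno;
        return r;
    }
    r = send_four_bytes(sv[0], junk_namelen);
    if (r.ret > 0) {
        char buf[16];
        (void)read(sv[1], buf, sizeof buf);   /* consume what was sent */
    }
    close(sv[0]);
    close(sv[1]);
    return r;
}

int main(void)
{
    struct send_result clean = run_case(0);
    struct send_result junk  = run_case((socklen_t)0xdeadbeefu);

    printf("clean msghdr:                   ret=%zd errno=%d\n",
           clean.ret, clean.err);
    printf("junk msg_namelen, msg_name NULL: ret=%zd errno=%d\n",
           junk.ret, junk.err);
    return 0;
}
```

Compile with a plain cc and run it on the kernel under test; the second line is the one whose result the bug comment says changes between a patched and an unpatched kernel. The design point is the first function: with a designated initialiser there is no field the programmer can forget, so the question of whether the documentation required msg_namelen to be set never arises.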