[patch 08/16] [ROSE]: Fix minor security hole

From: Chris Wright
Date: Mon May 23 2005 - 19:15:36 EST

Next message: Kenneth Johansson: "NFS corruption on 2.6.11.7"
Previous message: George Anzinger: "Re: [PATCH rc4-mm2 2/2] posix-timers: use try_to_del_timer_sync()"
In reply to: Chris Wright: "[patch 15/16] x86_64: When checking vmalloc mappings don't use pte_page"
Next in thread: Chris Wright: "[patch 16/16] x86_64: Don't look up struct page pointer of physical address in iounmap"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

ROSE wasn't verifying the ndigis argument of a new route resulting in a
minor security hole.

Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxx>

---
net/rose/rose_route.c | 3 ++-
1 files changed, 2 insertions(+), 1 deletion(-)

--- linux-2.6.11.10.orig/net/rose/rose_route.c 2005-05-16 10:52:02.000000000 -0700
+++ linux-2.6.11.10/net/rose/rose_route.c 2005-05-20 09:36:34.381946976 -0700
@@ -727,7 +727,8 @@
}
if (rose_route.mask > 10) /* Mask can't be more than 10 digits */
return -EINVAL;
-
+ if (rose_route.ndigis > 8) /* No more than 8 digipeats */
+ return -EINVAL;
err = rose_add_node(&rose_route, dev);
dev_put(dev);
return err;

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Kenneth Johansson: "NFS corruption on 2.6.11.7"
Previous message: George Anzinger: "Re: [PATCH rc4-mm2 2/2] posix-timers: use try_to_del_timer_sync()"
In reply to: Chris Wright: "[patch 15/16] x86_64: When checking vmalloc mappings don't use pte_page"
Next in thread: Chris Wright: "[patch 16/16] x86_64: Don't look up struct page pointer of physical address in iounmap"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]