Re: [patch 03/31] Fix user copy length in ipv6_sockglue.c

From: Chris Wright
Date: Mon Mar 19 2007 - 18:06:49 EST

Next message: James Bottomley: "Re: 2.6.20.3: kernel BUG at mm/slab.c:597 try#2"
Previous message: Matt Mackall: "Re: [PATCH] slab: deal with NULL pointers passed to kmem_cache_free"
In reply to: Greg KH: "[patch 03/31] Fix user copy length in ipv6_sockglue.c"
Next in thread: David Miller: "Re: [patch 03/31] Fix user copy length in ipv6_sockglue.c"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

* Greg KH (gregkh@xxxxxxx) wrote:
> From: Chris Wright <chrisw@xxxxxxxxxxxx>
>
> [IPV6] fix ipv6_getsockopt_sticky copy_to_user leak
>
> User supplied len < 0 can cause leak of kernel memory.
> Use unsigned compare instead.

You can drop this one. It's dependent on a patch
that is not in 2.6.20.

thanks,
-chris
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: James Bottomley: "Re: 2.6.20.3: kernel BUG at mm/slab.c:597 try#2"
Previous message: Matt Mackall: "Re: [PATCH] slab: deal with NULL pointers passed to kmem_cache_free"
In reply to: Greg KH: "[patch 03/31] Fix user copy length in ipv6_sockglue.c"
Next in thread: David Miller: "Re: [patch 03/31] Fix user copy length in ipv6_sockglue.c"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]