Re: [patch 03/31] Fix user copy length in ipv6_sockglue.c

From: David Miller
Date: Mon Mar 19 2007 - 18:51:57 EST

Next message: Oleg Nesterov: "Re: [patch 2/13] signal/timer/event fds v6 - signalfd core ..."
Previous message: David Miller: "Re: [PATCH RESEND] NET: Add packet sock option to return orig_devto userspace when bonded"
In reply to: Chris Wright: "Re: [patch 03/31] Fix user copy length in ipv6_sockglue.c"
Next in thread: Greg KH: "Re: [patch 03/31] Fix user copy length in ipv6_sockglue.c"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Chris Wright <chrisw@xxxxxxxxxxxx>
Date: Mon, 19 Mar 2007 15:01:25 -0700

> * Greg KH (gregkh@xxxxxxx) wrote:
> > From: Chris Wright <chrisw@xxxxxxxxxxxx>
> >
> > [IPV6] fix ipv6_getsockopt_sticky copy_to_user leak
> >
> > User supplied len < 0 can cause leak of kernel memory.
> > Use unsigned compare instead.
>
> You can drop this one. It's dependent on a patch
> that is not in 2.6.20.

That's correct, it can be dropped.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Oleg Nesterov: "Re: [patch 2/13] signal/timer/event fds v6 - signalfd core ..."
Previous message: David Miller: "Re: [PATCH RESEND] NET: Add packet sock option to return orig_devto userspace when bonded"
In reply to: Chris Wright: "Re: [patch 03/31] Fix user copy length in ipv6_sockglue.c"
Next in thread: Greg KH: "Re: [patch 03/31] Fix user copy length in ipv6_sockglue.c"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]