git.karo-electronics.de Git - karo-tx-linux.git/commit
Fix sctp privilege elevation (CVE-2006-3745)
author Sridhar Samudrala <sri@us.ibm.com>
Tue, 22 Aug 2006 18:50:39 +0000 (11:50 -0700)
committer Greg Kroah-Hartman <gregkh@suse.de>
Tue, 22 Aug 2006 19:04:55 +0000 (12:04 -0700)
commit 96ec9da385cf72c5f775e5f163420ea92e66ded2
tree 932cfcec518c9073143ede63d94ee32835e873b0
parent 4c4f4930a6d3f5a499025aa751baa0373b3cf777

sctp_make_abort_user() now takes the msg_len along with the msg
so that we don't have to recalculate the bytes in iovec.
It also uses memcpy_fromiovec() so that we don't go beyond the
length allocated.

It is good to have this fix even if verify_iovec() is fixed to
return error on overflow.

Signed-off-by: Sridhar Samudrala <sri@us.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
include/net/sctp/sctp.h
include/net/sctp/sm.h
net/sctp/sm_make_chunk.c
net/sctp/sm_statefuns.c
net/sctp/socket.c
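
The bounded copy the commit message describes, as an added userspace illustration that is not the kernel patch or code from this page. The helper names (copy_from_iovec_bounded, iovec_total_u32, make_payload) are hypothetical, and the copy models the idea behind memcpy_fromiovec() rather than reproducing its implementation.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <sys/uio.h>

/* Userspace model (an assumption, not kernel code) of a length-bounded
 * gather copy: copy exactly len bytes out of the iovec array, stopping at
 * len even when the segments describe more data.
 * Returns 0 on success, -1 if the segments hold fewer than len bytes. */
static int copy_from_iovec_bounded(unsigned char *dst, const struct iovec *iov,
                                   size_t iovcnt, size_t len)
{
    for (size_t i = 0; i < iovcnt && len > 0; i++) {
        size_t n = iov[i].iov_len < len ? iov[i].iov_len : len;
        if (n)
            memcpy(dst, iov[i].iov_base, n);
        dst += n;
        len -= n;
    }
    return len == 0 ? 0 : -1;
}

/* Recomputing the total from the segments: with a 32-bit accumulator the
 * sum can wrap, so it is not a trustworthy allocation or copy bound. */
static uint32_t iovec_total_u32(const struct iovec *iov, size_t iovcnt)
{
    uint32_t total = 0;
    for (size_t i = 0; i < iovcnt; i++)
        total += (uint32_t)iov[i].iov_len;
    return total;
}

/* Hypothetical payload builder: the allocation size and the copy length are
 * the same msg_len, so iov_len fields cannot push the copy past the end of
 * the buffer. Caller frees the result. */
static unsigned char *make_payload(const struct iovec *iov, size_t iovcnt,
                                   size_t msg_len)
{
    unsigned char *buf = malloc(msg_len ? msg_len : 1);
    if (buf && copy_from_iovec_bounded(buf, iov, iovcnt, msg_len) != 0) {
        free(buf);
        buf = NULL;    /* segments shorter than the declared length */
    }
    return buf;
}
```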