git.osdn.net Git - linux-kernel-docs/linux-2.4.36.git/commit

(root) / linux-kernel-docs / linux-2.4.36.git / commit

author	David S. Miller <davem@davemloft.net>
	Sat, 21 Jun 2008 05:04:34 +0000 (22:04 -0700)
committer	Willy Tarreau <w@1wt.eu>
	Sat, 6 Sep 2008 11:35:25 +0000 (13:35 +0200)
commit	b42297369f3b0994fd1551860737cfb68f4f97ca
tree	e3dddaa9e351e4a3396c9e82070b7330c98ebf38	tree \| snapshot
parent	098a93b6ce9b6779e238c91e75175642ccd19e89	commit \| diff

sctp: Make sure N * sizeof(union sctp_addr) does not overflow (CVE-2008-2826)

[backport of 2.6 commit 735ce972fbc8a65fb17788debd7bbe7b4383cc62]

As noticed by Gabriel Campana, the kmalloc() length arg
passed in by sctp_getsockopt_local_addrs_old() can overflow
if ->addr_num is large enough.

Therefore, enforce an appropriate limit.

Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Willy Tarreau <w@1wt.eu>

net/sctp/socket.c

diff | blob | history

2.4.36-stable kernel tree

RSS Atom

About OSDN

Find Software

Develop Software

Help