Sridhar Samudrala c164a9ba0a Fix sctp privilege elevation (CVE-2006-3745)
sctp_make_abort_user() now takes the msg_len along with the msg
so that we don't have to recalculate the bytes in iovec.
It also uses memcpy_fromiovec() so that we don't go beyond the
length allocated.

It is good to have this fix even if verify_iovec() is fixed to
return error on overflow.

Signed-off-by: Sridhar Samudrala <sri@us.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2006-08-22 12:52:23 -07:00
..
2005-04-16 15:20:36 -07:00
2006-04-14 15:00:20 -07:00
2005-04-16 15:20:36 -07:00
2005-08-29 15:32:25 -07:00
2005-04-16 15:20:36 -07:00
2005-04-16 15:20:36 -07:00
2005-04-16 15:20:36 -07:00
2006-01-03 13:10:31 -08:00
2005-04-16 15:20:36 -07:00
2005-04-16 15:20:36 -07:00
2005-04-16 15:20:36 -07:00
2005-04-16 15:20:36 -07:00
2005-04-16 15:20:36 -07:00
2005-04-16 15:20:36 -07:00
2006-03-23 07:12:57 -05:00
2005-04-16 15:20:36 -07:00
2005-04-16 15:20:36 -07:00
2005-04-16 15:20:36 -07:00
2005-04-16 15:20:36 -07:00
2005-11-14 21:58:18 -08:00
2005-04-16 15:20:36 -07:00
2005-04-16 15:20:36 -07:00
2005-04-16 15:20:36 -07:00
2005-09-22 07:57:21 -03:00
2006-03-20 22:59:36 -08:00
2006-08-02 15:02:31 -07:00
2005-08-29 16:01:32 -07:00
2005-08-29 15:32:25 -07:00
2005-06-21 18:46:13 -07:00
2006-07-03 15:27:10 -07:00
2006-06-30 14:12:10 -07:00