Dan Carpenter facb4edc1e phonet: some signedness bugs ...

Dan Rosenberg pointed out that there were some signed comparison bugs
in the phonet protocol.

http://marc.info/?l=full-disclosure&m=129424528425330&w=2

The problem is that we check for array overflows but "protocol" is
signed and we don't check for array underflows.  If you have already
have CAP_SYS_ADMIN then you could use the bugs to get root, or someone
could cause an oops by mistake.

Signed-off-by: Dan Carpenter <error27@gmail.com>
Acked-by: Rémi Denis-Courmont <remi.denis-courmont@nokia.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

2011-01-10 13:33:17 -08:00

..

af_phonet.c

phonet: some signedness bugs

2011-01-10 13:33:17 -08:00

datagram.c

Phonet: hook resource routing to userspace via ioctl()'s

2010-09-15 21:31:32 -07:00

Kconfig

Phonet: mark the pipe controller as EXPERIMENTAL

2010-10-08 14:09:10 -07:00

Makefile

Net: phonet: Makefile: Remove deprecated kbuild goal definitions

2010-11-22 08:16:14 -08:00

pep-gprs.c

Phonet: zero-copy aligned GPRS RX

2010-01-07 00:24:54 -08:00

pep.c

phonet: remove the unused variable pn

2010-10-20 01:55:54 -07:00

pn_dev.c

Phonet: list subscribed resources via proc_fs

2010-09-15 21:31:33 -07:00

pn_netlink.c

include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h

2010-03-30 22:02:32 +09:00

socket.c

Phonet: 'connect' socket implementation for Pipe controller

2010-10-13 14:40:34 -07:00

sysctl.c

sysctl net: Remove unused binary sysctl code

2009-11-12 02:05:06 -08:00