1
linux/net/phonet
Dan Carpenter facb4edc1e phonet: some signedness bugs
Dan Rosenberg pointed out that there were some signed comparison bugs
in the phonet protocol.

http://marc.info/?l=full-disclosure&m=129424528425330&w=2

The problem is that we check for array overflows but "protocol" is
signed and we don't check for array underflows.  If you have already
have CAP_SYS_ADMIN then you could use the bugs to get root, or someone
could cause an oops by mistake.

Signed-off-by: Dan Carpenter <error27@gmail.com>
Acked-by: Rémi Denis-Courmont <remi.denis-courmont@nokia.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-01-10 13:33:17 -08:00
..
af_phonet.c phonet: some signedness bugs 2011-01-10 13:33:17 -08:00
datagram.c Phonet: hook resource routing to userspace via ioctl()'s 2010-09-15 21:31:32 -07:00
Kconfig Phonet: mark the pipe controller as EXPERIMENTAL 2010-10-08 14:09:10 -07:00
Makefile Net: phonet: Makefile: Remove deprecated kbuild goal definitions 2010-11-22 08:16:14 -08:00
pep-gprs.c Phonet: zero-copy aligned GPRS RX 2010-01-07 00:24:54 -08:00
pep.c phonet: remove the unused variable pn 2010-10-20 01:55:54 -07:00
pn_dev.c Phonet: list subscribed resources via proc_fs 2010-09-15 21:31:33 -07:00
pn_netlink.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
socket.c Phonet: 'connect' socket implementation for Pipe controller 2010-10-13 14:40:34 -07:00
sysctl.c sysctl net: Remove unused binary sysctl code 2009-11-12 02:05:06 -08:00