diff options
author | ralf@linux-mips.org <ralf@linux-mips.org> | 2005-03-10 19:47:08 -0800 |
---|---|---|
committer | <chrisw@vas.sous-sol.org> | 2005-05-26 21:20:06 -0700 |
commit | 87127723a58fe970177ce087e079f2fffac2adce (patch) | |
tree | e5cefe66570da03dabb35fe5037fcefe2183cfbf | |
parent | bb2c14017115369ba23f7fe86309e725bd2ee9b5 (diff) | |
download | linux-stable-87127723a58fe970177ce087e079f2fffac2adce.tar.gz linux-stable-87127723a58fe970177ce087e079f2fffac2adce.tar.bz2 linux-stable-87127723a58fe970177ce087e079f2fffac2adce.zip |
[PATCH] Fix minor security hole
ROSE wasn't verifying the ndigis argument of a new route resulting in a
minor security hole.
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Chris Wright <chrisw@osdl.org>
-rw-r--r-- | net/rose/rose_route.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/net/rose/rose_route.c b/net/rose/rose_route.c index 92674a1cc49e..d19d931a1a75 100644 --- a/net/rose/rose_route.c +++ b/net/rose/rose_route.c @@ -727,7 +727,8 @@ int rose_rt_ioctl(unsigned int cmd, void __user *arg) } if (rose_route.mask > 10) /* Mask can't be more than 10 digits */ return -EINVAL; - + if (rose_route.ndigis > 8) /* No more than 8 digipeats */ + return -EINVAL; err = rose_add_node(&rose_route, dev); dev_put(dev); return err; |