diff options
| author | Marcel Holtmann <marcel@holtmann.org> | 2005-03-25 17:49:05 -0800 |
|---|---|---|
| committer | Greg KH <gregkh@suse.de> | 2005-05-12 10:00:16 -0700 |
| commit | ff8b1b95f7ed208ce29b7c1d9d33abbd7ca447d7 (patch) | |
| tree | 06232cbc14f0296a06da4719fdb7efb12ea63c0c | |
| parent | cc981951dbc7d761777faaaf0fa246d9c9e78604 (diff) | |
| download | linux-stable-ff8b1b95f7ed208ce29b7c1d9d33abbd7ca447d7.tar.gz linux-stable-ff8b1b95f7ed208ce29b7c1d9d33abbd7ca447d7.tar.bz2 linux-stable-ff8b1b95f7ed208ce29b7c1d9d33abbd7ca447d7.zip | |
[PATCH] Fix signedness problem at socket creation
CAN-2005-0750 is assigned to this issue
ilja <ilja@suresec.org> discovered potential local root exploit in
bluetooth socket creation.
This patch fixes a small signedness problem when creating the
socket.
Signed-off-by: Marcel Holtmann <marcel@holtmann.org>
Signed-off-by: Chris Wright <chrisw@osdl.org>
| -rw-r--r-- | net/bluetooth/af_bluetooth.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/net/bluetooth/af_bluetooth.c b/net/bluetooth/af_bluetooth.c index 8ff58bc2bf27..064641c96e83 100644 --- a/net/bluetooth/af_bluetooth.c +++ b/net/bluetooth/af_bluetooth.c @@ -64,7 +64,7 @@ static kmem_cache_t *bt_sock_cache; int bt_sock_register(int proto, struct net_proto_family *ops) { - if (proto >= BT_MAX_PROTO) + if (proto < 0 || proto >= BT_MAX_PROTO) return -EINVAL; if (bt_proto[proto]) @@ -77,7 +77,7 @@ EXPORT_SYMBOL(bt_sock_register); int bt_sock_unregister(int proto) { - if (proto >= BT_MAX_PROTO) + if (proto < 0 || proto >= BT_MAX_PROTO) return -EINVAL; if (!bt_proto[proto]) @@ -92,7 +92,7 @@ static int bt_sock_create(struct socket *sock, int proto) { int err = 0; - if (proto >= BT_MAX_PROTO) + if (proto < 0 || proto >= BT_MAX_PROTO) return -EINVAL; #if defined(CONFIG_KMOD) |