diff options
author | Phil Blundell <philb@gnu.org> | 2010-11-24 11:51:47 -0800 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2010-11-24 11:51:47 -0800 |
commit | a27e13d370415add3487949c60810e36069a23a6 (patch) | |
tree | 072e0ba8e2d629c55be4ef6fa5ae318e2a351e2f /lib/kasprintf.c | |
parent | 16c41745c7b92a243d0874f534c1655196c64b74 (diff) | |
download | linux-stable-a27e13d370415add3487949c60810e36069a23a6.tar.gz linux-stable-a27e13d370415add3487949c60810e36069a23a6.tar.bz2 linux-stable-a27e13d370415add3487949c60810e36069a23a6.zip |
econet: fix CVE-2010-3848
Don't declare variable sized array of iovecs on the stack since this
could cause stack overflow if msg->msgiovlen is large. Instead, coalesce
the user-supplied data into a new buffer and use a single iovec for it.
Signed-off-by: Phil Blundell <philb@gnu.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'lib/kasprintf.c')
0 files changed, 0 insertions, 0 deletions