summaryrefslogtreecommitdiffstats
path: root/net/caif
diff options
context:
space:
mode:
authorDan Carpenter <error27@gmail.com>2011-01-10 04:06:58 +0000
committerDavid S. Miller <davem@davemloft.net>2011-01-10 13:33:17 -0800
commitfacb4edc1e0e849ea98e147a821e60d6d6272c0a (patch)
tree4de1206d197e889690b622593ab785b318d1905f /net/caif
parentc599bd6b9ac8926b03e6bf332a8c14ae2ffb43a3 (diff)
downloadlinux-stable-facb4edc1e0e849ea98e147a821e60d6d6272c0a.tar.gz
linux-stable-facb4edc1e0e849ea98e147a821e60d6d6272c0a.tar.bz2
linux-stable-facb4edc1e0e849ea98e147a821e60d6d6272c0a.zip
phonet: some signedness bugs
Dan Rosenberg pointed out that there were some signed comparison bugs in the phonet protocol. http://marc.info/?l=full-disclosure&m=129424528425330&w=2 The problem is that we check for array overflows but "protocol" is signed and we don't check for array underflows. If you have already have CAP_SYS_ADMIN then you could use the bugs to get root, or someone could cause an oops by mistake. Signed-off-by: Dan Carpenter <error27@gmail.com> Acked-by: RĂ©mi Denis-Courmont <remi.denis-courmont@nokia.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/caif')
0 files changed, 0 insertions, 0 deletions