diff options
author | Dan Carpenter <error27@gmail.com> | 2011-01-10 04:06:58 +0000 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2011-01-10 13:33:17 -0800 |
commit | facb4edc1e0e849ea98e147a821e60d6d6272c0a (patch) | |
tree | 4de1206d197e889690b622593ab785b318d1905f /net/caif | |
parent | c599bd6b9ac8926b03e6bf332a8c14ae2ffb43a3 (diff) | |
download | linux-stable-facb4edc1e0e849ea98e147a821e60d6d6272c0a.tar.gz linux-stable-facb4edc1e0e849ea98e147a821e60d6d6272c0a.tar.bz2 linux-stable-facb4edc1e0e849ea98e147a821e60d6d6272c0a.zip |
phonet: some signedness bugs
Dan Rosenberg pointed out that there were some signed comparison bugs
in the phonet protocol.
http://marc.info/?l=full-disclosure&m=129424528425330&w=2
The problem is that we check for array overflows but "protocol" is
signed and we don't check for array underflows. If you have already
have CAP_SYS_ADMIN then you could use the bugs to get root, or someone
could cause an oops by mistake.
Signed-off-by: Dan Carpenter <error27@gmail.com>
Acked-by: RĂ©mi Denis-Courmont <remi.denis-courmont@nokia.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/caif')
0 files changed, 0 insertions, 0 deletions