diff options
author | Eric Dumazet <edumazet@google.com> | 2016-12-02 09:44:53 -0800 |
---|---|---|
committer | Ben Hutchings <ben@decadent.org.uk> | 2017-02-23 03:54:47 +0000 |
commit | 756826fd4e4a25589a2e77a7ceb791314c73cf48 (patch) | |
tree | 4a2bd6c8d34521f3352677414cc2cb893c1268db /sound | |
parent | 249741c2c0d7a905da66efc6d1292d3915aef1fc (diff) | |
download | linux-stable-756826fd4e4a25589a2e77a7ceb791314c73cf48.tar.gz linux-stable-756826fd4e4a25589a2e77a7ceb791314c73cf48.tar.bz2 linux-stable-756826fd4e4a25589a2e77a7ceb791314c73cf48.zip |
net: avoid signed overflows for SO_{SND|RCV}BUFFORCE
commit b98b0bc8c431e3ceb4b26b0dfc8db509518fb290 upstream.
CAP_NET_ADMIN users should not be allowed to set negative
sk_sndbuf or sk_rcvbuf values, as it can lead to various memory
corruptions, crashes, OOM...
Note that before commit 82981930125a ("net: cleanups in
sock_setsockopt()"), the bug was even more serious, since SO_SNDBUF
and SO_RCVBUF were vulnerable.
This needs to be backported to all known linux kernels.
Again, many thanks to syzkaller team for discovering this gem.
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: Andrey Konovalov <andreyknvl@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Diffstat (limited to 'sound')
0 files changed, 0 insertions, 0 deletions