summaryrefslogtreecommitdiffstats
path: root/sound
diff options
context:
space:
mode:
authorEric Dumazet <edumazet@google.com>2016-12-02 09:44:53 -0800
committerBen Hutchings <ben@decadent.org.uk>2017-02-23 03:54:47 +0000
commit756826fd4e4a25589a2e77a7ceb791314c73cf48 (patch)
tree4a2bd6c8d34521f3352677414cc2cb893c1268db /sound
parent249741c2c0d7a905da66efc6d1292d3915aef1fc (diff)
downloadlinux-stable-756826fd4e4a25589a2e77a7ceb791314c73cf48.tar.gz
linux-stable-756826fd4e4a25589a2e77a7ceb791314c73cf48.tar.bz2
linux-stable-756826fd4e4a25589a2e77a7ceb791314c73cf48.zip
net: avoid signed overflows for SO_{SND|RCV}BUFFORCE
commit b98b0bc8c431e3ceb4b26b0dfc8db509518fb290 upstream. CAP_NET_ADMIN users should not be allowed to set negative sk_sndbuf or sk_rcvbuf values, as it can lead to various memory corruptions, crashes, OOM... Note that before commit 82981930125a ("net: cleanups in sock_setsockopt()"), the bug was even more serious, since SO_SNDBUF and SO_RCVBUF were vulnerable. This needs to be backported to all known linux kernels. Again, many thanks to syzkaller team for discovering this gem. Signed-off-by: Eric Dumazet <edumazet@google.com> Reported-by: Andrey Konovalov <andreyknvl@google.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Diffstat (limited to 'sound')
0 files changed, 0 insertions, 0 deletions
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-28 03:21:56 +0000