diff options
author | andrew hendry <andrew.hendry@gmail.com> | 2011-02-07 00:08:15 +0000 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2011-02-07 13:41:38 -0800 |
commit | 95c3043008ca8449feb96aba5481fe31c2ea750b (patch) | |
tree | 1a80c238a56c1dc22a8b962f98ee1af363186e64 /ipc | |
parent | 711c914688163dbe757c174788e20695088478e5 (diff) | |
download | linux-95c3043008ca8449feb96aba5481fe31c2ea750b.tar.gz linux-95c3043008ca8449feb96aba5481fe31c2ea750b.tar.bz2 linux-95c3043008ca8449feb96aba5481fe31c2ea750b.zip |
x25: possible skb leak on bad facilities
Originally x25_parse_facilities returned
-1 for an error
0 meaning 0 length facilities
>0 the length of the facilities parsed.
5ef41308f94dc ("x25: Prevent crashing when parsing bad X.25 facilities") introduced more
error checking in x25_parse_facilities however used 0 to indicate bad parsing
a6331d6f9a429 ("memory corruption in X.25 facilities parsing") followed this further for
DTE facilities, again using 0 for bad parsing.
The meaning of 0 got confused in the callers.
If the facilities are messed up we can't determine where the data starts.
So patch makes all parsing errors return -1 and ensures callers close and don't use the skb further.
Reported-by: Andy Whitcroft <apw@canonical.com>
Signed-off-by: Andrew Hendry <andrew.hendry@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'ipc')
0 files changed, 0 insertions, 0 deletions