Guard check in module loader against integer overflow
authorDavid Howells <dhowells@redhat.com>
Tue, 22 May 2012 14:56:13 +0000 (15:56 +0100)
committerRusty Russell <rusty@rustcorp.com.au>
Wed, 23 May 2012 12:58:53 +0000 (22:28 +0930)
commitef26a5a6eadb7cd0637e1e9e246cd42505b8ec8c
tree94f8b1998d94080a842f94529f0d95cfe1bcc53a
parent3c7ec94d2c4a67d9663a080aa5080134308261c4
Guard check in module loader against integer overflow

The check:

if (len < hdr->e_shoff + hdr->e_shnum * sizeof(Elf_Shdr))

may not work if there's an overflow in the right-hand side of the condition.

Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
kernel/module.c