projects / GitHub / MotorolaMobilityLLC / kernel-slsi.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: c599bd6) | patch
phonet: some signedness bugs
authorDan Carpenter <error27@gmail.com>
Mon, 10 Jan 2011 04:06:58 +0000 (04:06 +0000)
committerDavid S. Miller <davem@davemloft.net>
Mon, 10 Jan 2011 21:33:17 +0000 (13:33 -0800)
commitfacb4edc1e0e849ea98e147a821e60d6d6272c0a
tree4de1206d197e889690b622593ab785b318d1905ftree | snapshot (tar.gz zip)
parentc599bd6b9ac8926b03e6bf332a8c14ae2ffb43a3commit | diff
phonet: some signedness bugs

Dan Rosenberg pointed out that there were some signed comparison bugs
in the phonet protocol.

http://marc.info/?l=full-disclosure&m=129424528425330&w=2

The problem is that we check for array overflows but "protocol" is
signed and we don't check for array underflows.  If you have already
have CAP_SYS_ADMIN then you could use the bugs to get root, or someone
could cause an oops by mistake.

Signed-off-by: Dan Carpenter <error27@gmail.com>
Acked-by: RĂ©mi Denis-Courmont <remi.denis-courmont@nokia.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
include/net/phonet/phonet.h diff | blob | blame | history
net/phonet/af_phonet.c diff | blob | blame | history
Motorola kernel-slsi