mirrors
/
linux-stable
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
1
0
Fork 0
Code Issues Releases Wiki Activity

[PATCH] raw_sendmsg DoS (CAN-2005-2492) 

Fix unchecked __get_user that could be tricked into generating a
memory read on an arbitrary address.  The result of the read is not
returned directly but you may be able to divine some information about
it, or use the read to cause a crash on some architectures by reading
hardware state.  CAN-2005-2492.

Fix from Al Viro, ack from Dave Miller.

Signed-off-by: Chris Wright <chrisw@osdl.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
This commit is contained in:
Al Viro 2005-08-31 10:55:12 +01:00 committed by Chris Wright
parent c255cda2af
commit 0721a681c6
2 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
net/ipv4/raw.c
View File

@ -358,7 +358,7 @@ static void raw_probe_proto_opt(struct flowi *fl, struct msghdr *msg)
if (type && code) {
get_user(fl->fl_icmp_type, type);
__get_user(fl->fl_icmp_code, code);
get_user(fl->fl_icmp_code, code);
probed = 1;
}
break;

2
net/ipv6/raw.c
View File

@ -619,7 +619,7 @@ static void rawv6_probe_proto_opt(struct flowi *fl, struct msghdr *msg)
if (type && code) {
get_user(fl->fl_icmp_type, type);
__get_user(fl->fl_icmp_code, code);
get_user(fl->fl_icmp_code, code);
probed = 1;
}
break;