Skip to main content

Browse the archive

https://github.com/torvalds/linux
05 April 2024, 19:05:47 UTC
Revision 405c005949e47b6e91359159c24753519ded0c67 authored by Neal Cardwell on 08 December 2012, 19:43:22 UTC, committed by David S. Miller on 09 December 2012, 23:59:37 UTC 
inet_diag: validate byte code to prevent oops in inet_diag_bc_run()
 
Add logic to validate INET_DIAG_BC_S_COND and INET_DIAG_BC_D_COND
operations.

Previously we did not validate the inet_diag_hostcond, address family,
address length, and prefix length. So a malicious user could make the
kernel read beyond the end of the bytecode array by claiming to have a
whole inet_diag_hostcond when the bytecode was not long enough to
contain a whole inet_diag_hostcond of the given address family. Or
they could make the kernel read up to about 27 bytes beyond the end of
a connection address by passing a prefix length that exceeded the
length of addresses of the given family.

Signed-off-by: Neal Cardwell <ncardwell@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
1 parent 1c95df8
History
Tip revision: 405c005949e47b6e91359159c24753519ded0c67 authored by Neal Cardwell on 08 December 2012, 19:43:22 UTC
inet_diag: validate byte code to prevent oops in inet_diag_bc_run()
Tip revision: 405c005
File Mode Size
Documentation
arch
block
crypto
drivers
firmware
fs
include
init
ipc
kernel
lib
mm
net
samples
scripts
security
sound
tools
usr
virt
.gitignore -rw-r--r-- 1.1 KB
.mailmap -rw-r--r-- 4.4 KB
COPYING -rw-r--r-- 18.3 KB
CREDITS -rw-r--r-- 92.8 KB
Kbuild -rw-r--r-- 2.5 KB
Kconfig -rw-r--r-- 252 bytes
MAINTAINERS -rw-r--r-- 224.8 KB
Makefile -rw-r--r-- 46.7 KB
README -rw-r--r-- 18.2 KB
REPORTING-BUGS -rw-r--r-- 3.3 KB

README

back to top