https://github.com/torvalds/linux
Revision b98b0bc8c431e3ceb4b26b0dfc8db509518fb290 authored by Eric Dumazet on 02 December 2016, 17:44:53 UTC, committed by David S. Miller on 02 December 2016, 19:10:14 UTC
CAP_NET_ADMIN users should not be allowed to set negative sk_sndbuf or sk_rcvbuf values, as it can lead to various memory corruptions, crashes, OOM...

Note that before commit 82981930125a ("net: cleanups in sock_setsockopt()"), the bug was even more serious, since SO_SNDBUF and SO_RCVBUF were vulnerable.

This needs to be backported to all known linux kernels.

Again, many thanks to syzkaller team for discovering this gem.

Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: Andrey Konovalov <andreyknvl@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
1 parent 5b01014
net: avoid signed overflows for SO_{SND|RCV}BUFFORCE
File | Mode | Size |
---|---|---|
3com | ||
acenic | ||
adaptec | ||
advansys | ||
av7110 | ||
bnx2 | ||
bnx2x | ||
cis | ||
cpia2 | ||
cxgb3 | ||
dsp56k | ||
e100 | ||
edgeport | ||
emi26 | ||
emi62 | ||
ess | ||
kaweth | ||
keyspan | ||
keyspan_pda | ||
korg | ||
matrox | ||
myricom | ||
ositech | ||
qlogic | ||
r128 | ||
radeon | ||
sb16 | ||
sun | ||
tehuti | ||
tigon | ||
ttusb-budget | ||
vicam | ||
yam | ||
yamaha | ||
.gitignore | -rw-r--r-- | 39 bytes |
Makefile | -rw-r--r-- | 10.9 KB |
README.AddingFirmware | -rw-r--r-- | 1.7 KB |
WHENCE | -rw-r--r-- | 26.3 KB |
atmsar11.HEX | -rw-r--r-- | 18.7 KB |
ihex2fw.c | -rw-r--r-- | 6.6 KB |
mts_cdma.fw.ihex | -rw-r--r-- | 37.2 KB |
mts_edge.fw.ihex | -rw-r--r-- | 37.8 KB |
mts_gsm.fw.ihex | -rw-r--r-- | 37.2 KB |
ti_3410.fw.ihex | -rw-r--r-- | 37.0 KB |
ti_5052.fw.ihex | -rw-r--r-- | 37.0 KB |
whiteheat.HEX | -rw-r--r-- | 43.9 KB |
whiteheat_loader.HEX | -rw-r--r-- | 11.8 KB |
whiteheat_loader_debug.HEX | -rw-r--r-- | 17.2 KB |