| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 28 Mar 2007 20:49:32 +0200 (CEST) From: Jiri Kosina <jkosina@...e.cz> To: Andrew Morton <akpm@...ux-foundation.org>, Arnaldo Carvalho de Melo <acme@...driva.com> Cc: Robert Święcki <jagger@...ecki.net>, linux-kernel@...r.kernel.org Subject: [PATCH] DCCP: proper optlen checking in do_dccp_getsockopt() From: Jiri Kosina <jkosina@...e.cz> DCCP: proper optlen checking in do_dccp_getsockopt() Robert Swiecki discovered [1] a signedness bug in checking of optlen in do_dccp_getsockopt(). This bug can allow user to read parts of the kernel memory. [1] http://www.securityfocus.com/archive/1/463934/30/0/threaded Cc: Robert Święcki <jagger@...ecki.net> Signed-off-by: Jiri Kosina <jkosina@...e.cz> net/dccp/proto.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/net/dccp/proto.c b/net/dccp/proto.c index cf28c53..5239f26 100644 --- a/net/dccp/proto.c +++ b/net/dccp/proto.c @@ -575,7 +575,7 @@ static int do_dccp_getsockopt(struct sock *sk, int level, int optname, if (get_user(len, optlen)) return -EFAULT; - if (len < sizeof(int)) + if (len < 1) return -EINVAL; dp = dccp_sk(sk);
Powered by blists - more mailing lists