| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20080225161439.GZ84358@surrealistic.net> Date: Mon, 25 Feb 2008 08:14:39 -0800 From: Jim Westfall <jwestfall@...realistic.net> To: netdev@...r.kernel.org, acme@...stprotocols.net Subject: [PATCH] llc: dont trust payload size on test cmd Hi In testing its not safe to trust the payload length we are given in a received llc test command header. Instead we should calculate this ourselves or run the risk of an skb_over_panic() if the received length in the header is > then the actual payload size. Signed-off-by: Jim Westfall <jwestfall@...realistic.net> diff -urp linux-2.6.24.2.org/include/net/llc_pdu.h linux-2.6.24.2/include/net/llc_pdu.h --- linux-2.6.24.2.org/include/net/llc_pdu.h 2008-02-10 21:51:11.000000000 -0800 +++ linux-2.6.24.2/include/net/llc_pdu.h 2008-02-24 10:23:02.000000000 -0800 @@ -348,7 +348,7 @@ static inline void llc_pdu_init_as_test_ struct llc_pdu_un *ev_pdu = llc_pdu_un_hdr(ev_skb); int dsize; - dsize = ntohs(eth_hdr(ev_skb)->h_proto) - 3; + dsize = (ev_skb->tail - (u8 *)ev_pdu) - 3; memcpy(((u8 *)pdu) + 3, ((u8 *)ev_pdu) + 3, dsize); skb_put(skb, dsize); } ----- End forwarded message ----- -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists