| commit | 423044bed36af8792ea9e861a2fa33ed52a8fcbd | |
| author | David S. Miller <davem@davemloft.net> | |
| Sat, 19 Jul 2008 20:30:57 +0000 (19 23:30 +0300) | ||
| committer | Adrian Bunk <bunk@kernel.org> | |
| Sat, 19 Jul 2008 20:31:06 +0000 (19 23:31 +0300) | ||
| tree | 75881c793a109909bb1150c9efe5fe0620c30908 | treesnapshot (tar.gz zip) |
| parent | a203d3ccd131487b38094c3f5f4fb4f2fed593d7 | commitdiff |
sctp: Make sure N * sizeof(union sctp_addr) does not overflow. (CVE-2008-2826)
As noticed by Gabriel Campana, the kmalloc() length arg
passed in by sctp_getsockopt_local_addrs_old() can overflow
if ->addr_num is large enough.
Therefore, enforce an appropriate limit.
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Adrian Bunk <bunk@kernel.org>
As noticed by Gabriel Campana, the kmalloc() length arg
passed in by sctp_getsockopt_local_addrs_old() can overflow
if ->addr_num is large enough.
Therefore, enforce an appropriate limit.
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Adrian Bunk <bunk@kernel.org>
| net/sctp/socket.c | diffblobblamehistory |