| commit | a072d3e9840e924180044f9b68041b5c338a812b | |
| author | Phil Blundell <philb@gnu.org> | |
| Wed, 24 Nov 2010 19:51:47 +0000 (24 11:51 -0800) | ||
| committer | Greg Kroah-Hartman <gregkh@suse.de> | |
| Thu, 9 Dec 2010 21:33:32 +0000 (9 13:33 -0800) | ||
| tree | 676f3a0631fd7413735343d386c272d1fecbc420 | treesnapshot (tar.gz zip) |
| parent | 29d0e9fdced7e35db2ac8ecea49e5bc3c7115b98 | commitdiff |
econet: fix CVE-2010-3848
commit a27e13d370415add3487949c60810e36069a23a6 upstream.
Don't declare variable sized array of iovecs on the stack since this
could cause stack overflow if msg->msgiovlen is large. Instead, coalesce
the user-supplied data into a new buffer and use a single iovec for it.
Signed-off-by: Phil Blundell <philb@gnu.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
commit a27e13d370415add3487949c60810e36069a23a6 upstream.
Don't declare variable sized array of iovecs on the stack since this
could cause stack overflow if msg->msgiovlen is large. Instead, coalesce
the user-supplied data into a new buffer and use a single iovec for it.
Signed-off-by: Phil Blundell <philb@gnu.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
| net/econet/af_econet.c | diffblobblamehistory |