| commit | b7a7f2b940ba69a8dc999f2e5771e52e4f7860a5 | |
| author | Phil Blundell <philb@gnu.org> | |
| Wed, 24 Nov 2010 19:51:47 +0000 (24 11:51 -0800) | ||
| committer | Greg Kroah-Hartman <gregkh@suse.de> | |
| Mon, 9 May 2011 22:55:33 +0000 (9 15:55 -0700) | ||
| tree | cb706b07629eb221c3bc621da346246461505370 | treesnapshot (tar.gz zip) |
| parent | 8200a2e148cb2c01ef8a1ee77fd893227b4e15d4 | commitdiff |
econet: fix CVE-2010-3848
commit a27e13d370415add3487949c60810e36069a23a6 upstream.
Don't declare variable sized array of iovecs on the stack since this
could cause stack overflow if msg->msgiovlen is large. Instead, coalesce
the user-supplied data into a new buffer and use a single iovec for it.
Signed-off-by: Phil Blundell <philb@gnu.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
[Adjusted to apply to 2.6.32 by dann frazier <dannf@debian.org>]
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
commit a27e13d370415add3487949c60810e36069a23a6 upstream.
Don't declare variable sized array of iovecs on the stack since this
could cause stack overflow if msg->msgiovlen is large. Instead, coalesce
the user-supplied data into a new buffer and use a single iovec for it.
Signed-off-by: Phil Blundell <philb@gnu.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
[Adjusted to apply to 2.6.32 by dann frazier <dannf@debian.org>]
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
| net/econet/af_econet.c | diffblobblamehistory |