fdac1e0697
If the user-provided len is less than the expected offset, the IRLMP_ENUMDEVICES getsockopt will do a copy_to_user() with a very large size value. While this isn't be a security issue on x86 because it will get caught by the access_ok() check, it may leak large amounts of kernel heap on other architectures. In any event, this patch fixes it. Signed-off-by: Dan Rosenberg <drosenberg@vsecurity.com> Signed-off-by: David S. Miller <davem@davemloft.net> |
||
---|---|---|
.. | ||
ircomm | ||
irlan | ||
irnet | ||
af_irda.c | ||
discovery.c | ||
irda_device.c | ||
iriap_event.c | ||
iriap.c | ||
irias_object.c | ||
irlap_event.c | ||
irlap_frame.c | ||
irlap.c | ||
irlmp_event.c | ||
irlmp_frame.c | ||
irlmp.c | ||
irmod.c | ||
irnetlink.c | ||
irproc.c | ||
irqueue.c | ||
irsysctl.c | ||
irttp.c | ||
Kconfig | ||
Makefile | ||
parameters.c | ||
qos.c | ||
timer.c | ||
wrapper.c |