Re: [patch v2] phonet: some signedness bugs
From: David Miller <davem@davemloft.net>
Date: 2011-01-11 00:05:49
Also in:
kernel-janitors
From: David Miller <davem@davemloft.net>
Date: 2011-01-11 00:05:49
Also in:
kernel-janitors
From: Dan Carpenter <redacted> Date: Mon, 10 Jan 2011 17:06:58 +0300
Dan Rosenberg pointed out that there were some signed comparison bugs in the phonet protocol. http://marc.info/?l=full-disclosure&m=129424528425330&w=2 The problem is that we check for array overflows but "protocol" is signed and we don't check for array underflows. If you have already have CAP_SYS_ADMIN then you could use the bugs to get root, or someone could cause an oops by mistake. Signed-off-by: Dan Carpenter <redacted>
Applied.