Thread (11 messages) 11 messages, 3 authors, 2011-01-13

Re: [patch v2] phonet: some signedness bugs

From: David Miller <davem@davemloft.net>
Date: 2011-01-11 00:05:49
Also in: kernel-janitors

From: Dan Carpenter <redacted>
Date: Mon, 10 Jan 2011 17:06:58 +0300
Dan Rosenberg pointed out that there were some signed comparison bugs
in the phonet protocol.

http://marc.info/?l=full-disclosure&m=129424528425330&w=2

The problem is that we check for array overflows but "protocol" is
signed and we don't check for array underflows.  If you have already
have CAP_SYS_ADMIN then you could use the bugs to get root, or someone
could cause an oops by mistake.

Signed-off-by: Dan Carpenter <redacted>
Applied.
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help