github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-06-09 23:23:53 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph
bf477829d0
linux/net/dccp
History
Dan Rosenberg 14b5b45fc0 dccp: handle invalid feature options length 
commit a294865978 upstream.

A length of zero (after subtracting two for the type and len fields) for
the DCCPO_{CHANGE,CONFIRM}_{L,R} options will cause an underflow due to
the subtraction.  The subsequent code may read past the end of the
options value buffer when parsing.  I'm unsure of what the consequences
of this might be, but it's probably not good.

Signed-off-by: Dan Rosenberg <drosenberg@vsecurity.com>
Acked-by: Gerrit Renker <gerrit@erg.abdn.ac.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2011-05-23 11:20:15 -07:00
..
ccids net-next-2.6 [PATCH 1/1] dccp: ccids whitespace-cleanup / CodingStyle 2009-09-14 17:02:54 -07:00
ackvec.c dccp: Set per-connection CCIDs via socket options 2008-11-23 16:02:31 -08:00
ackvec.h dccp: Minimise header option overhead in setting the MPS 2009-03-02 03:07:23 -08:00
ccid.c dccp: Integrate the TFRC library with DCCP 2009-01-04 21:45:33 -08:00
ccid.h dccp: Clean up ccid.c after integration of CCID plugins 2009-01-04 21:43:23 -08:00
dccp.h net: Make setsockopt() optlen be unsigned. 2009-09-30 16:12:20 -07:00
diag.c dccp_diag: LISTEN sockets don't have CCIDs 2008-12-17 16:08:01 -08:00
feat.c net: mark read-only arrays as const 2009-08-05 10:42:58 -07:00
feat.h dccp: Debugging functions for feature negotiation 2009-01-21 14:34:05 -08:00
input.c dccp: fix oops on Reset after close 2011-03-07 15:17:57 -08:00
ipv4.c net: constify struct net_protocol 2009-09-14 17:03:01 -07:00
ipv6.c net: constify remaining proto_ops 2009-09-14 17:03:09 -07:00
ipv6.h
Kconfig dccp: Lockless integration of CCID congestion-control plugins 2009-01-04 21:42:53 -08:00
Makefile dccp: Integrate the TFRC library with DCCP 2009-01-04 21:45:33 -08:00
minisocks.c dccp: Implement both feature-local and feature-remote Sequence Window feature 2009-01-21 14:34:04 -08:00
options.c dccp: handle invalid feature options length 2011-05-23 11:20:15 -07:00
output.c net: adding memory barrier to the poll and receive callbacks 2009-07-09 17:06:57 -07:00
probe.c dccp_probe: Fix module load dependencies between dccp and dccp_probe 2010-05-12 14:57:11 -07:00
proto.c net: Make setsockopt() optlen be unsigned. 2009-09-30 16:12:20 -07:00
sysctl.c dccp: Initialisation and type-checking of feature sysctls 2009-01-21 14:34:05 -08:00
timer.c dccp: Limit feature negotiation to connection setup phase 2008-11-12 00:42:58 -08:00