Dan Rosenberg 9d880cedb1 irda: prevent integer underflow in IRLMP_ENUMDEVICES ... commit fdac1e0697 upstream. If the user-provided len is less than the expected offset, the IRLMP_ENUMDEVICES getsockopt will do a copy_to_user() with a very large size value. While this isn't be a security issue on x86 because it will get caught by the access_ok() check, it may leak large amounts of kernel heap on other architectures. In any event, this patch fixes it. Signed-off-by: Dan Rosenberg <drosenberg@vsecurity.com> Signed-off-by: David S. Miller <davem@davemloft.net> Cc: Moritz Muehlenhoff <jmm@debian.org> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>		2011-04-14 16:53:54 -07:00
..
ircomm	headers: remove sched.h from interrupt.h	2009-10-11 11:20:58 -07:00
irlan	irda: off by one	2010-09-20 13:17:52 -07:00
irnet	irda: prevent heap corruption on invalid nickname	2011-04-14 16:53:25 -07:00
af_irda.c	irda: prevent integer underflow in IRLMP_ENUMDEVICES	2011-04-14 16:53:54 -07:00
discovery.c
irda_device.c
iriap_event.c
iriap.c	irda: validate peer name and attribute lengths	2011-04-14 16:53:25 -07:00
irias_object.c
irlap_event.c	net: mark read-only arrays as const	2009-08-05 10:42:58 -07:00
irlap_frame.c	irda: Use SKB queue and list helpers instead of doing it by-hand.	2009-05-28 23:26:33 -07:00
irlap.c	net: mark read-only arrays as const	2009-08-05 10:42:58 -07:00
irlmp_event.c	net: mark read-only arrays as const	2009-08-05 10:42:58 -07:00
irlmp_frame.c
irlmp.c
irmod.c
irnetlink.c	genetlink: make netns aware	2009-07-12 14:03:27 -07:00
irproc.c	net: file_operations should be const	2009-09-02 01:03:53 -07:00
irqueue.c
irsysctl.c	sysctl: remove "struct file *" argument of ->proc_handler	2009-09-24 07:21:04 -07:00
irttp.c	net: irda: init spinlock after memcpy	2009-07-27 10:49:44 -07:00
Kconfig
Makefile
parameters.c	irda: Fix parameter extraction stack overflow	2010-12-09 13:26:32 -08:00
qos.c
timer.c
wrapper.c