sock_diag: Fix out-of-bounds access to sock_diag_handlers[] - kernel

diff options

author	Mathias Krause <minipli@googlemail.com>	2013-02-23 01:13:47 +0000
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2013-02-27 09:21:24 -0800
commit	314561f4fe77ffad1b560a10cdfb3b6fdc731a74 (patch)
tree	718c474303e1a97dcaeac4337de15a4ec78dd31e /net/rds/sysctl.c
parent	ca2656dccef64c437d6717468bffd3762b11816e (diff)

sock_diag: Fix out-of-bounds access to sock_diag_handlers[]

[ Upstream commit 6e601a53566d84e1ffd25e7b6fe0b6894ffd79c0 ] Userland can send a netlink message requesting SOCK_DIAG_BY_FAMILY with a family greater or equal then AF_MAX -- the array size of sock_diag_handlers[]. The current code does not test for this condition therefore is vulnerable to an out-of-bound access opening doors for a privilege escalation. Signed-off-by: Mathias Krause <minipli@googlemail.com> Acked-by: Eric Dumazet <edumazet@google.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

Diffstat (limited to 'net/rds/sysctl.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: