]> git.ipfire.org Git - thirdparty/kernel/stable.git/commitdiff
projects / thirdparty / kernel / stable.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: bb2c140)
[PATCH] Fix minor security hole
authorralf@linux-mips.org <ralf@linux-mips.org>
Fri, 11 Mar 2005 03:47:08 +0000 (19:47 -0800)
committer <chrisw@vas.sous-sol.org> <>
Fri, 27 May 2005 04:20:06 +0000 (21:20 -0700)
ROSE wasn't verifying the ndigis argument of a new route resulting in a
minor security hole.

Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Chris Wright <chrisw@osdl.org>
net/rose/rose_route.c patch | blob | blame | history

diff --git a/net/rose/rose_route.c b/net/rose/rose_route.c
index 92674a1cc49ea6640a070e32e03fa1027568414c..d19d931a1a75a26bb4395fae73c0dd1efab16d45 100644 (file)
--- a/net/rose/rose_route.c
+++ b/net/rose/rose_route.c
@@ -727,7 +727,8 @@ int rose_rt_ioctl(unsigned int cmd, void __user *arg)
                }
                if (rose_route.mask > 10) /* Mask can't be more than 10 digits */
                        return -EINVAL;
-
+               if (rose_route.ndigis > 8) /* No more than 8 digipeats */
+                       return -EINVAL;
                err = rose_add_node(&rose_route, dev);
                dev_put(dev);
                return err;
Mirror https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git