From: ralf@linux-mips.org <ralf@linux-mips.org>
Date: Fri, 11 Mar 2005 03:47:08 +0000 (-0800)
Subject: [PATCH] Fix minor security hole
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=87127723a58fe970177ce087e079f2fffac2adce;p=thirdparty%2Fkernel%2Fstable.git

[PATCH] Fix minor security hole

ROSE wasn't verifying the ndigis argument of a new route resulting in a
minor security hole.

Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Chris Wright <chrisw@osdl.org>
---

diff --git a/net/rose/rose_route.c b/net/rose/rose_route.c
index 92674a1cc49ea..d19d931a1a75a 100644
--- a/net/rose/rose_route.c
+++ b/net/rose/rose_route.c
@@ -727,7 +727,8 @@ int rose_rt_ioctl(unsigned int cmd, void __user *arg)
 		}
 		if (rose_route.mask > 10) /* Mask can't be more than 10 digits */
 			return -EINVAL;
-
+		if (rose_route.ndigis > 8) /* No more than 8 digipeats */
+			return -EINVAL;
 		err = rose_add_node(&rose_route, dev);
 		dev_put(dev);
 		return err;