c164a9ba0a8870c5c9d353f63085319931d69f23 - kernel/msm-4.19

commit	c164a9ba0a8870c5c9d353f63085319931d69f23	[log] [tgz]
author	Sridhar Samudrala <sri@us.ibm.com>	Tue Aug 22 11:50:39 2006 -0700
committer	Greg Kroah-Hartman <gregkh@suse.de>	Tue Aug 22 12:52:23 2006 -0700
tree	7e315a50008d0310dd5572a62baef34ddba89988
parent	ac185bdc02c216040f3b83f654d864bd8a29cedc [diff]

Fix sctp privilege elevation (CVE-2006-3745)

sctp_make_abort_user() now takes the msg_len along with the msg
so that we don't have to recalculate the bytes in iovec.
It also uses memcpy_fromiovec() so that we don't go beyond the
length allocated.

It is good to have this fix even if verify_iovec() is fixed to
return error on overflow.

Signed-off-by: Sridhar Samudrala <sri@us.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

include/net/sctp/sctp.h[diff]
include/net/sctp/sm.h[diff]
net/sctp/sm_make_chunk.c[diff]
net/sctp/sm_statefuns.c[diff]
net/sctp/socket.c[diff]

5 files changed

tree: 7e315a50008d0310dd5572a62baef34ddba89988

arch/
block/
crypto/
Documentation/
drivers/
fs/
include/
init/
ipc/
kernel/
lib/
mm/
net/
scripts/
security/
sound/
usr/
.gitignore
COPYING
CREDITS
Kbuild
MAINTAINERS
Makefile
README
REPORTING-BUGS