Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm-4.9 / 097933ddcd28ef99c116651b20fd2e06717e0f0d
commit097933ddcd28ef99c116651b20fd2e06717e0f0d[log] [tgz]
authorTilman Schmidt <tilman@imap.cc>Sat Oct 11 13:46:29 2014 +0200
committerDavid S. Miller <davem@davemloft.net>Tue Oct 14 15:05:33 2014 -0400
treedaba40194d81bd13eb0689e3668bae0988137a8d
parentee7ff5fed25711a26da7826071e6ede8af049ad2 [diff]
isdn/gigaset: limit raw CAPI message dump length

In dump_rawmsg, the length field from a received data package was
used unscrutinized, allowing an attacker to control the size of the
allocated buffer and the number of times the output loop iterates.
Fix by limiting to a reasonable value.

Spotted with Coverity.

Signed-off-by: Tilman Schmidt <tilman@imap.cc>
Signed-off-by: David S. Miller <davem@davemloft.net>
1 file changed
tree: daba40194d81bd13eb0689e3668bae0988137a8d
  1. arch/
  2. block/
  3. crypto/
  4. Documentation/
  5. drivers/
  6. firmware/
  7. fs/
  8. include/
  9. init/
  10. ipc/
  11. kernel/
  12. lib/
  13. mm/
  14. net/
  15. samples/
  16. scripts/
  17. security/
  18. sound/
  19. tools/
  20. usr/
  21. virt/
  22. .gitignore
  23. .mailmap
  24. COPYING
  25. CREDITS
  26. Kbuild
  27. Kconfig
  28. MAINTAINERS
  29. Makefile
  30. README
  31. REPORTING-BUGS