Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm / facb4edc1e0e849ea98e147a821e60d6d6272c0a
commitfacb4edc1e0e849ea98e147a821e60d6d6272c0a[log] [tgz]
authorDan Carpenter <error27@gmail.com>Mon Jan 10 04:06:58 2011 +0000
committerDavid S. Miller <davem@davemloft.net>Mon Jan 10 13:33:17 2011 -0800
tree4de1206d197e889690b622593ab785b318d1905f
parentc599bd6b9ac8926b03e6bf332a8c14ae2ffb43a3 [diff]
phonet: some signedness bugs

Dan Rosenberg pointed out that there were some signed comparison bugs
in the phonet protocol.

http://marc.info/?l=full-disclosure&m=129424528425330&w=2

The problem is that we check for array overflows but "protocol" is
signed and we don't check for array underflows.  If you have already
have CAP_SYS_ADMIN then you could use the bugs to get root, or someone
could cause an oops by mistake.

Signed-off-by: Dan Carpenter <error27@gmail.com>
Acked-by: RĂ©mi Denis-Courmont <remi.denis-courmont@nokia.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2 files changed
tree: 4de1206d197e889690b622593ab785b318d1905f
  1. arch/
  2. block/
  3. crypto/
  4. Documentation/
  5. drivers/
  6. firmware/
  7. fs/
  8. include/
  9. init/
  10. ipc/
  11. kernel/
  12. lib/
  13. mm/
  14. net/
  15. samples/
  16. scripts/
  17. security/
  18. sound/
  19. tools/
  20. usr/
  21. virt/
  22. .gitignore
  23. .mailmap
  24. COPYING
  25. CREDITS
  26. Kbuild
  27. Kconfig
  28. MAINTAINERS
  29. Makefile
  30. README
  31. REPORTING-BUGS