linux/net/phonet
Dan Carpenter facb4edc1e phonet: some signedness bugs
Dan Rosenberg pointed out that there were some signed comparison bugs
in the phonet protocol.

http://marc.info/?l=full-disclosure&m=129424528425330&w=2

The problem is that we check for array overflows but "protocol" is
signed and we don't check for array underflows.  If you have already
have CAP_SYS_ADMIN then you could use the bugs to get root, or someone
could cause an oops by mistake.

Signed-off-by: Dan Carpenter <error27@gmail.com>
Acked-by: Rémi Denis-Courmont <remi.denis-courmont@nokia.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-01-10 13:33:17 -08:00
..
af_phonet.c phonet: some signedness bugs 2011-01-10 13:33:17 -08:00
datagram.c
Kconfig
Makefile Net: phonet: Makefile: Remove deprecated kbuild goal definitions 2010-11-22 08:16:14 -08:00
pep-gprs.c
pep.c phonet: remove the unused variable pn 2010-10-20 01:55:54 -07:00
pn_dev.c
pn_netlink.c
socket.c Phonet: 'connect' socket implementation for Pipe controller 2010-10-13 14:40:34 -07:00
sysctl.c