Fix sctp privilege elevation (CVE-2006-3745) - linux - Mirror of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/

diff options

author	Sridhar Samudrala <sri@us.ibm.com>	2006-08-22 11:50:39 -0700
committer	Greg Kroah-Hartman <gregkh@suse.de>	2006-08-22 12:52:23 -0700
commit	c164a9ba0a8870c5c9d353f63085319931d69f23 (patch)
tree	7e315a50008d0310dd5572a62baef34ddba89988 /scripts/patch-kernel
parent	Merge gregkh@master.kernel.org:/home/rmk/linux-2.6-arm (diff)
download	linux-c164a9ba0a8870c5c9d353f63085319931d69f23.tar.gz linux-c164a9ba0a8870c5c9d353f63085319931d69f23.zip

Fix sctp privilege elevation (CVE-2006-3745)

sctp_make_abort_user() now takes the msg_len along with the msg so that we don't have to recalculate the bytes in iovec. It also uses memcpy_fromiovec() so that we don't go beyond the length allocated. It is good to have this fix even if verify_iovec() is fixed to return error on overflow. Signed-off-by: Sridhar Samudrala <sri@us.ibm.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

Diffstat (limited to 'scripts/patch-kernel')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: