proxmox-mirrors/mirror_ubuntu-kernels
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_ubuntu-kernels.git synced 2025-11-13 16:33:42 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
eb7bfed901
mirror_ubuntu-kernels/drivers/net/slip
History
Ben Hutchings 4ab42d78e3 ppp, slip: Validate VJ compression slot parameters completely 
Currently slhc_init() treats out-of-range values of rslots and tslots
as equivalent to 0, except that if tslots is too large it will
dereference a null pointer (CVE-2015-7799).

Add a range-check at the top of the function and make it return an
ERR_PTR() on error instead of NULL.  Change the callers accordingly.

Compile-tested only.

Reported-by: 郭永刚 <guoyonggang@360.cn>
References: http://article.gmane.org/gmane.comp.security.oss.general/17908
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
2015-11-02 16:25:00 -05:00
..
Kconfig tty: Added a CONFIG_TTY option to allow removal of TTY 2013-01-18 16:15:27 -08:00
Makefile
slhc.c ppp, slip: Validate VJ compression slot parameters completely 2015-11-02 16:25:00 -05:00
slip.c ppp, slip: Validate VJ compression slot parameters completely 2015-11-02 16:25:00 -05:00
slip.h slip: Fix deadlock in write_wakeup 2014-06-16 21:29:12 -07:00