diff options
author | Ben Hutchings <bhutchings@solarflare.com> | 2010-09-07 04:35:19 +0000 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2010-09-08 14:01:52 -0700 |
commit | ee9c5cfad29c8a13199962614b9b16f1c4137ac9 (patch) | |
tree | 12c53593c04b2c443029fe1a4b64393b3e6e92b9 /net/ipv4 | |
parent | 6523ce1525e88c598c75a1a6b8c4edddfa9defe8 (diff) | |
download | op-kernel-dev-ee9c5cfad29c8a13199962614b9b16f1c4137ac9.zip op-kernel-dev-ee9c5cfad29c8a13199962614b9b16f1c4137ac9.tar.gz |
niu: Fix kernel buffer overflow for ETHTOOL_GRXCLSRLALL
niu_get_ethtool_tcam_all() assumes that its output buffer is the right
size, and warns before returning if it is not. However, the output
buffer size is under user control and ETHTOOL_GRXCLSRLALL is an
unprivileged ethtool command. Therefore this is at least a local
denial-of-service vulnerability.
Change it to check before writing each entry and to return an error if
the buffer is already full.
Compile-tested only.
Signed-off-by: Ben Hutchings <bhutchings@solarflare.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv4')
0 files changed, 0 insertions, 0 deletions