Google Git
Sign in
kernel / pub / scm / linux / kernel / git / paulg / linux-stable / 6a6c24b6917692f826525ca5cb550f98982e39e8
commit6a6c24b6917692f826525ca5cb550f98982e39e8[log] [tgz]
authorBen Hutchings <bhutchings@solarflare.com>Tue Sep 07 04:35:19 2010 +0000
committerPaul Gortmaker <paul.gortmaker@windriver.com>Sun Apr 17 16:16:18 2011 -0400
treefadb6ad0982147b85f20c1418fd37972e9b3964b
parent40b77a71b25fd1ec84fdc3abc2f928a872884b10 [diff]
niu: Fix kernel buffer overflow for ETHTOOL_GRXCLSRLALL

commit ee9c5cfad29c8a13199962614b9b16f1c4137ac9 upstream.

niu_get_ethtool_tcam_all() assumes that its output buffer is the right
size, and warns before returning if it is not.  However, the output
buffer size is under user control and ETHTOOL_GRXCLSRLALL is an
unprivileged ethtool command.  Therefore this is at least a local
denial-of-service vulnerability.

Change it to check before writing each entry and to return an error if
the buffer is already full.

Compile-tested only.

Signed-off-by: Ben Hutchings <bhutchings@solarflare.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
1 file changed
tree: fadb6ad0982147b85f20c1418fd37972e9b3964b
  1. arch/
  2. block/
  3. crypto/
  4. Documentation/
  5. drivers/
  6. firmware/
  7. fs/
  8. include/
  9. init/
  10. ipc/
  11. kernel/
  12. lib/
  13. mm/
  14. net/
  15. samples/
  16. scripts/
  17. security/
  18. sound/
  19. tools/
  20. usr/
  21. virt/
  22. .gitignore
  23. .mailmap
  24. COPYING
  25. CREDITS
  26. Kbuild
  27. MAINTAINERS
  28. Makefile
  29. README
  30. REPORTING-BUGS