diff options
author | Sridhar Samudrala <sri@us.ibm.com> | 2006-08-22 11:50:39 -0700 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@suse.de> | 2006-08-22 12:52:23 -0700 |
commit | c164a9ba0a8870c5c9d353f63085319931d69f23 (patch) | |
tree | 7e315a50008d0310dd5572a62baef34ddba89988 /net/core/stream.c | |
parent | ac185bdc02c216040f3b83f654d864bd8a29cedc (diff) |
Fix sctp privilege elevation (CVE-2006-3745)
sctp_make_abort_user() now takes the msg_len along with the msg
so that we don't have to recalculate the bytes in iovec.
It also uses memcpy_fromiovec() so that we don't go beyond the
length allocated.
It is good to have this fix even if verify_iovec() is fixed to
return error on overflow.
Signed-off-by: Sridhar Samudrala <sri@us.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Diffstat (limited to 'net/core/stream.c')
0 files changed, 0 insertions, 0 deletions