Piteball/android_kernel_google_msm
1
0
Fork 0
mirror of https://github.com/followmsi/android_kernel_google_msm.git synced 2024-11-06 23:17:41 +00:00
Code Issues Projects Releases Wiki Activity
android_kernel_google_msm/drivers/isdn/i4l
History
Ben Hutchings a1c3860d3c ppp, slip: Validate VJ compression slot parameters completely 
commit 4ab42d78e37a294ac7bc56901d563c642e03c4ae upstream.

Currently slhc_init() treats out-of-range values of rslots and tslots
as equivalent to 0, except that if tslots is too large it will
dereference a null pointer (CVE-2015-7799).

Add a range-check at the top of the function and make it return an
ERR_PTR() on error instead of NULL.  Change the callers accordingly.

Compile-tested only.

Reported-by: 郭永刚 <guoyonggang@360.cn>
References: http://article.gmane.org/gmane.comp.security.oss.general/17908
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Zefan Li <lizefan@huawei.com>
2016-03-21 09:17:54 +08:00
..
isdn_audio.c
isdn_audio.h
isdn_bsdcomp.c Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
isdn_common.c
isdn_common.h
isdn_concap.c
isdn_concap.h
isdn_net.c
isdn_net.h
isdn_ppp.c ppp, slip: Validate VJ compression slot parameters completely 2016-03-21 09:17:54 +08:00
isdn_ppp.h
isdn_tty.c
isdn_tty.h
isdn_ttyfax.c
isdn_ttyfax.h
isdn_v110.c
isdn_v110.h
isdn_x25iface.c
isdn_x25iface.h
isdnhdlc.c
Kconfig
Makefile