android_kernel_google_msm/drivers/isdn
Ben Hutchings a1c3860d3c ppp, slip: Validate VJ compression slot parameters completely
commit 4ab42d78e37a294ac7bc56901d563c642e03c4ae upstream.

Currently slhc_init() treats out-of-range values of rslots and tslots
as equivalent to 0, except that if tslots is too large it will
dereference a null pointer (CVE-2015-7799).

Add a range-check at the top of the function and make it return an
ERR_PTR() on error instead of NULL.  Change the callers accordingly.

Compile-tested only.

Reported-by: 郭永刚 <guoyonggang@360.cn>
References: http://article.gmane.org/gmane.comp.security.oss.general/17908
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Zefan Li <lizefan@huawei.com>
2016-03-21 09:17:54 +08:00
act2000 isdn: whitespace coding style cleanup 2012-02-21 09:04:01 -08:00
capi Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2012-03-20 21:04:47 -07:00
divert isdn: whitespace coding style cleanup 2012-02-21 09:04:01 -08:00
gigaset isdn/gigaset: fix zero size border case in debug dump 2013-02-14 10:49:04 -08:00
hardware Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2012-04-02 17:53:39 -07:00
hisax Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
hysdn isdn: whitespace coding style cleanup 2012-02-21 09:04:01 -08:00
i4l ppp, slip: Validate VJ compression slot parameters completely 2016-03-21 09:17:54 +08:00
icn isdn: whitespace coding style cleanup 2012-02-21 09:04:01 -08:00
isdnloop isdnloop: several buffer overflows 2014-04-26 17:13:18 -07:00
mISDN net: rework recvmsg handler msg_name and msg_namelen logic 2013-12-08 07:29:41 -08:00
pcbit Remove all #inclusions of asm/system.h 2012-03-28 18:30:03 +01:00
sc isdn: whitespace coding style cleanup 2012-02-21 09:04:01 -08:00
Kconfig um: switch to use of drivers/Kconfig 2011-11-02 14:15:41 +01:00
Makefile