Piteball
/
android_kernel_samsung_msm8976
mirror of https://github.com/team-infusion-developers/android_kernel_samsung_msm8976.git
1
1
Fork 0
Code Issues Projects Releases Wiki Activity
android_kernel_samsung_msm8976/drivers/isdn
History
Ben Hutchings f82699de10 ppp, slip: Validate VJ compression slot parameters completely 
[ Upstream commit 4ab42d78e37a294ac7bc56901d563c642e03c4ae ]

Currently slhc_init() treats out-of-range values of rslots and tslots
as equivalent to 0, except that if tslots is too large it will
dereference a null pointer (CVE-2015-7799).

Add a range-check at the top of the function and make it return an
ERR_PTR() on error instead of NULL.  Change the callers accordingly.

Compile-tested only.

Reported-by: 郭永刚 <guoyonggang@360.cn>
References: http://article.gmane.org/gmane.comp.security.oss.general/17908
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 		2016-01-28 21:49:35 -08:00
..
act2000
capi isdn/kcapi: fix a small underflow 2013-05-20 13:38:14 -07:00
divert
gigaset isdn/gigaset: reset tty->receive_room when attaching ser_gigaset 2015-10-01 12:07:36 +02:00
hardware Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2013-05-01 17:51:54 -07:00
hisax Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2013-05-01 14:08:52 -07:00
hysdn
i4l ppp, slip: Validate VJ compression slot parameters completely 2016-01-28 21:49:35 -08:00
icn
isdnloop isdnloop: several buffer overflows 2014-04-14 06:42:18 -07:00
mISDN net: rework recvmsg handler msg_name and msg_namelen logic 2013-12-08 07:29:25 -08:00
pcbit
sc
Kconfig
Makefile