Fix sctp privilege elevation (CVE-2006-3745) (28ea23d9) · Commits · Joan Touzet / Linux

Commit 28ea23d9 authored 18 years ago by

Sridhar Samudrala Committed by Adrian Bunk 18 years ago

Fix sctp privilege elevation (CVE-2006-3745)


sctp_make_abort_user() now takes the msg_len along with the msg
so that we don't have to recalculate the bytes in iovec.
It also uses memcpy_fromiovec() so that we don't go beyond the
length allocated.

It is good to have this fix even if verify_iovec() is fixed to
return error on overflow.

Signed-off-by: Sridhar Samudrala <sri@us.ibm.com>
Acked-by: David Miller <davem@davemloft.net>
Signed-off-by: Adrian Bunk <bunk@stusta.de>

parent b9a96aa8

No related merge requests found

Hide whitespace changes

Inline Side-by-side

Showing with 23 additions and 53 deletions

Please register or to comment

Admin message

Fix sctp privilege elevation (CVE-2006-3745)