linux-IllusionX

History

Dan Rosenberg fdac1e0697 irda: prevent integer underflow in IRLMP_ENUMDEVICES If the user-provided len is less than the expected offset, the IRLMP_ENUMDEVICES getsockopt will do a copy_to_user() with a very large size value. While this isn't be a security issue on x86 because it will get caught by the access_ok() check, it may leak large amounts of kernel heap on other architectures. In any event, this patch fixes it. Signed-off-by: Dan Rosenberg <drosenberg@vsecurity.com> Signed-off-by: David S. Miller <davem@davemloft.net>		2010-12-23 10:09:43 -08:00
..
ircomm	net: return operator cleanup	2010-09-23 14:33:39 -07:00
irlan
irnet	Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial	2010-10-24 13:41:39 -07:00
af_irda.c	irda: prevent integer underflow in IRLMP_ENUMDEVICES	2010-12-23 10:09:43 -08:00
discovery.c	net: return operator cleanup	2010-09-23 14:33:39 -07:00
irda_device.c
iriap.c	irda: Fix heap memory corruption in iriap.c	2010-10-11 02:12:26 +02:00
iriap_event.c
irias_object.c
irlap.c
irlap_event.c
irlap_frame.c
irlmp.c	net: return operator cleanup	2010-09-23 14:33:39 -07:00
irlmp_event.c
irlmp_frame.c	net: return operator cleanup	2010-09-23 14:33:39 -07:00
irmod.c
irnetlink.c
irproc.c
irqueue.c
irsysctl.c
irttp.c	net: irda: irttp: sync error paths of data- and udata-requests	2010-11-18 12:24:25 -08:00
Kconfig
Makefile
parameters.c	irda: Fix parameter extraction stack overflow	2010-10-11 02:12:17 +02:00
qos.c
timer.c
wrapper.c