linux/net
Matthew Daley c7fd0d48bd x25: Validate incoming call user data lengths
X.25 call user data is being copied in its entirety from incoming messages
without consideration to the size of the destination buffers, leading to
possible buffer overflows. Validate incoming call user data lengths before
these copies are performed.

It appears this issue was noticed some time ago, however nothing seemed to
come of it: see http://www.spinics.net/lists/linux-x25/msg00043.html and
commit 8db09f26f9.

Signed-off-by: Matthew Daley <mattjd@gmail.com>
Acked-by: Eric Dumazet <eric.dumazet@gmail.com>
Tested-by: Andrew Hendry <andrew.hendry@gmail.com>
Cc: stable <stable@kernel.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-10-17 19:31:39 -04:00
..
9p net/9p: Fix kernel crash with msize 512K 2011-09-06 08:17:15 -05:00
802
8021q vlan: reset headers on accel emulation path 2011-08-18 21:29:27 -07:00
appletalk
atm atm: br2684: Fix oops due to skb->dev being NULL 2011-08-20 14:13:05 -07:00
ax25
batman-adv batman-adv: do_bcast has to be true for broadcast packets only 2011-09-22 20:27:10 +02:00
bluetooth Bluetooth: Fix timeout on scanning for the second time 2011-09-15 11:54:05 -03:00
bridge bridge: leave carrier on for empty bridge 2011-10-06 15:26:50 -04:00
caif caif: fix a potential NULL dereference 2011-09-16 17:40:34 -04:00
can can bcm: fix incomplete tx_setup fix 2011-09-29 15:33:47 -04:00
ceph Merge branch 'for-linus' of git://github.com/NewDreamNetwork/ceph-client 2011-09-29 19:58:58 -07:00
core fib:fix BUG_ON in fib_nl_newrule when add new fib rule 2011-09-21 15:16:40 -04:00
dcb
dccp
decnet
dns_resolver
dsa
econet
ethernet net: don't clear IFF_XMIT_DST_RELEASE in ether_setup 2011-09-15 14:49:44 -04:00
ieee802154
ipv4 tcp: properly update lost_cnt_hint during shifting 2011-10-04 23:31:24 -04:00
ipv6 gro: refetch inet6_protos[] after pulling ext headers 2011-10-10 14:26:16 -04:00
ipx
irda IRDA: Fix global type conflicts in net/irda/irsysctl.c v2 2011-09-16 19:17:09 -04:00
iucv
key
l2tp
lapb
llc
mac80211 mac80211: fix missing sta_lock in __sta_info_destroy 2011-09-13 14:18:38 -04:00
netfilter netfilter: Use proper rwlock init function 2011-10-05 17:51:38 -04:00
netlabel net/netlabel/netlabel_kapi.c: add missing cleanup code 2011-08-11 05:52:57 -07:00
netlink
netrom
nfc
packet make PACKET_STATISTICS getsockopt report consistently between ring and non-ring 2011-10-03 14:18:26 -04:00
phonet
rds RDSRDMA: Fix cleanup of rds_iw_mr_pool 2011-09-29 14:57:19 -04:00
rfkill
rose
rxrpc
sched pkt_sched: cls_rsvp.h was outdated 2011-09-15 14:49:43 -04:00
sctp sctp: deal with multiple COOKIE_ECHO chunks 2011-09-16 17:17:22 -04:00
sunrpc
tipc
unix
wanrouter
wimax
wireless cfg80211: Fix validation of AKM suites 2011-09-21 15:58:24 -04:00
x25 x25: Validate incoming call user data lengths 2011-10-17 19:31:39 -04:00
xfrm net: check return value for dst_alloc 2011-09-27 15:32:06 -04:00
compat.c
Kconfig
Makefile
nonet.c
socket.c sendmmsg/sendmsg: fix unsafe user pointer access 2011-08-24 19:45:03 -07:00
sysctl_net.c