From: Sridhar Samudrala <sri@us.ibm.com>
Date: Tue, 22 Aug 2006 18:50:39 +0000 (-0700)
Subject: Fix sctp privilege elevation (CVE-2006-3745)
X-Git-Tag: v2.6.18-rc5~72
X-Git-Url: http://git.openpandora.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c164a9ba0a8870c5c9d353f63085319931d69f23;p=pandora-kernel.git

Fix sctp privilege elevation (CVE-2006-3745)

sctp_make_abort_user() now takes the msg_len along with the msg
so that we don't have to recalculate the bytes in iovec.
It also uses memcpy_fromiovec() so that we don't go beyond the
length allocated.

It is good to have this fix even if verify_iovec() is fixed to
return error on overflow.

Signed-off-by: Sridhar Samudrala <sri@us.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
---

Reading git-diff-tree failed