From: Ben Hutchings <bhutchings@solarflare.com>
Date: Tue, 7 Sep 2010 04:35:19 +0000 (+0000)
Subject: niu: Fix kernel buffer overflow for ETHTOOL_GRXCLSRLALL
X-Git-Tag: v2.6.36-rc4~6^2~9
X-Git-Url: http://git.openpandora.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ee9c5cfad29c8a13199962614b9b16f1c4137ac9;p=pandora-kernel.git

niu: Fix kernel buffer overflow for ETHTOOL_GRXCLSRLALL

niu_get_ethtool_tcam_all() assumes that its output buffer is the right
size, and warns before returning if it is not.  However, the output
buffer size is under user control and ETHTOOL_GRXCLSRLALL is an
unprivileged ethtool command.  Therefore this is at least a local
denial-of-service vulnerability.

Change it to check before writing each entry and to return an error if
the buffer is already full.

Compile-tested only.

Signed-off-by: Ben Hutchings <bhutchings@solarflare.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
---

Reading git-diff-tree failed