From: Dan Carpenter <error27@gmail.com>
Date: Mon, 10 Jan 2011 04:06:58 +0000 (+0000)
Subject: phonet: some signedness bugs
X-Git-Tag: v2.6.38-rc1~403^2~21
X-Git-Url: http://git.openpandora.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=facb4edc1e0e849ea98e147a821e60d6d6272c0a;p=pandora-kernel.git

phonet: some signedness bugs

Dan Rosenberg pointed out that there were some signed comparison bugs
in the phonet protocol.

http://marc.info/?l=full-disclosure&m=129424528425330&w=2

The problem is that we check for array overflows but "protocol" is
signed and we don't check for array underflows.  If you have already
have CAP_SYS_ADMIN then you could use the bugs to get root, or someone
could cause an oops by mistake.

Signed-off-by: Dan Carpenter <error27@gmail.com>
Acked-by: Rémi Denis-Courmont <remi.denis-courmont@nokia.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
---

Reading git-diff-tree failed