git.openpandora.org / pandora-kernel.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 2645a3c) | patch
sctp: Make sure N * sizeof(union sctp_addr) does not overflow.
authorDavid S. Miller <davem@davemloft.net>
Sat, 21 Jun 2008 05:04:34 +0000 (22:04 -0700)
committerDavid S. Miller <davem@davemloft.net>
Sat, 21 Jun 2008 05:04:34 +0000 (22:04 -0700)
commit735ce972fbc8a65fb17788debd7bbe7b4383cc62
treeb047160a720011021b148350e42d8cc020f06a61tree | snapshot
parent2645a3c3761ac25498db2e627271016c849c68e1commit | diff
sctp: Make sure N * sizeof(union sctp_addr) does not overflow.

As noticed by Gabriel Campana, the kmalloc() length arg
passed in by sctp_getsockopt_local_addrs_old() can overflow
if ->addr_num is large enough.

Therefore, enforce an appropriate limit.

Signed-off-by: David S. Miller <davem@davemloft.net>
net/sctp/socket.c diff | blob | history
Pandora Kernel Repository