[PATCH] [Dapper] x25: Prevent crashing when parsing bad X.25 facilities CVE-2010-4164
Tim Gardner
tim.gardner at canonical.com
Tue Mar 8 16:45:56 UTC 2011
On 03/08/2011 04:39 PM, Steve Conklin wrote:
> BugLink: http://bugs.launchpad.net/bugs/731199
>
> CVE-2010-4164
>
> Now with improved comma support.
>
> On parsing malformed X.25 facilities, decrementing the remaining length
> may cause it to underflow. Since the length is an unsigned integer,
> this will result in the loop continuing until the kernel crashes.
>
> This patch adds checks to ensure decrementing the remaining length does
> not cause it to wrap around.
>
> Signed-off-by: Dan Rosenberg <drosenberg at vsecurity.com>
> Signed-off-by: David S. Miller <davem at davemloft.net>
> (based on upstream commit 5ef41308f94dcbb3b7afc56cdef1c2ba53fa5d2f)
> Signed-off-by: Steve Conklin <sconklin at canonical.com>
> ---
> net/x25/x25_facilities.c | 11 +++++++++--
> 1 files changed, 9 insertions(+), 2 deletions(-)
>
Acked-by: Tim Gardner <tim.gardner at canonical.com>
--
Tim Gardner tim.gardner at canonical.com
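
The class of bug the quoted commit message describes, as an added example that is not taken from the patch or from net/x25/x25_facilities.c: a simplified facility walker that checks the remaining length before decrementing it. The function names, the class constants and the sample byte strings are assumptions made for illustration.

```c
#include <stdio.h>

/* Top two bits of a facility code select its class (illustrative constants).
 * Any other class: code + length byte + that many parameter bytes. */
#define FAC_CLASS_MASK 0xC0
#define FAC_CLASS_A    0x00  /* code + 1 parameter byte  */
#define FAC_CLASS_B    0x40  /* code + 2 parameter bytes */
#define FAC_CLASS_C    0x80  /* code + 3 parameter bytes */

/* What an unchecked decrement computes: unsigned subtraction wraps around. */
unsigned int unchecked_remaining(unsigned int len, unsigned int need)
{
    return len - need;
}

/* Bytes the facility at p claims to occupy, or 0 if its header is cut short. */
static unsigned int facility_size(const unsigned char *p, unsigned int len)
{
    switch (p[0] & FAC_CLASS_MASK) {
    case FAC_CLASS_A: return 2;
    case FAC_CLASS_B: return 3;
    case FAC_CLASS_C: return 4;
    default:          return len < 2 ? 0 : (unsigned int)p[1] + 2;
    }
}

/* Hardened walk: returns the number of facilities, or -1 if malformed. */
int count_facilities(const unsigned char *p, unsigned int len)
{
    int n = 0;
    while (len > 0) {
        unsigned int need = facility_size(p, len);
        if (need == 0 || need > len)  /* check before decrementing */
            return -1;
        p += need;
        len -= need;
        n++;
    }
    return n;
}

int main(void)
{
    /* Constructed samples, not captured traffic. */
    const unsigned char good[] = { 0x01, 0xAA, 0x42, 0x07, 0x07, 0xC3, 0x01, 0x55 };
    const unsigned char cut[]  = { 0x01, 0xAA, 0x42, 0x07 };  /* class B, one byte short */
    printf("good=%d cut=%d\n", count_facilities(good, sizeof(good)),
           count_facilities(cut, sizeof(cut)));
    printf("2 - 3 as unsigned: %u\n", unchecked_remaining(2, 3));
    return 0;
}
```

Without the `need > len` check, the truncated sample would leave `len` at the wrapped value shown by `unchecked_remaining`, and the loop would keep reading past the buffer.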