[PATCH] [Dapper] x25: Prevent crashing when parsing bad X.25 facilities CVE-2010-4164

Steve Conklin sconklin at canonical.com
Tue Mar 8 17:08:51 UTC 2011


On Tue, 2011-03-08 at 16:45 +0000, Tim Gardner wrote:
> On 03/08/2011 04:39 PM, Steve Conklin wrote:
> > BugLink: http://bugs.launchpad.net/bugs/731199
> >
> > CVE-2010-4164
> >
> > Now with improved comma support.
> >
> > On parsing malformed X.25 facilities, decrementing the remaining length
> > may cause it to underflow.  Since the length is an unsigned integer,
> > this will result in the loop continuing until the kernel crashes.
> >
> > This patch adds checks to ensure decrementing the remaining length does
> > not cause it to wrap around.
> >
> > Signed-off-by: Dan Rosenberg <drosenberg at vsecurity.com>
> > Signed-off-by: David S. Miller <davem at davemloft.net>
> >      (based on upstream commit 5ef41308f94dcbb3b7afc56cdef1c2ba53fa5d2f)
> > Signed-off-by: Steve Conklin <sconklin at canonical.com>
> > ---
> >   net/x25/x25_facilities.c |   11 +++++++++--
> >   1 files changed, 9 insertions(+), 2 deletions(-)
> >
> 
> Acked-by: Tim Gardner <tim.gardner at canonical.com>
> 
> -- 
> Tim Gardner tim.gardner at canonical.com
> 

Applied
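
The failure mode described in the commit message, shown as an added example that is not part of this thread and is not the kernel's code or the upstream patch: a type/length walk over a buffer where the remaining length is unsigned, with the check placed before each decrement. The class encoding, function names and sample bytes are constructed for illustration and are not the X.25 facilities format.

```c
#include <stdio.h>

/* Constructed encoding for illustration: the top two bits of the code byte
 * select the class. Classes 0-2 carry 1, 2 or 3 fixed value bytes; class 3
 * carries a length byte followed by that many value bytes. */
#define FAC_CLASS(code) (((code) >> 6) & 0x3u)

/* What an unchecked decrement leaves behind: unsigned arithmetic wraps. */
unsigned int unchecked_remaining(unsigned int len, unsigned int need)
{
    return len - need;   /* need > len yields a huge value, not a negative */
}

/* Hardened walk: returns the number of entries parsed, or -1 if any entry
 * claims more bytes than remain in the buffer. */
int parse_facilities(const unsigned char *p, unsigned int len)
{
    int count = 0;
    while (len > 0) {
        unsigned int need;
        unsigned int cls = FAC_CLASS(p[0]);

        if (cls < 3) {
            need = 2 + cls;              /* code byte + fixed value bytes */
        } else {
            if (len < 2)                 /* the length byte itself must exist */
                return -1;
            need = 2u + p[1];            /* code + length byte + value bytes */
        }
        if (len < need)                  /* check before decrementing */
            return -1;
        p += need;
        len -= need;
        count++;
    }
    return count;
}

int main(void)
{
    /* Constructed samples: one well-formed block, one truncated block. */
    const unsigned char good[] = { 0x01, 0xAA, 0x42, 0x07, 0x07, 0xC3, 0x02, 0x10, 0x20 };
    const unsigned char bad[]  = { 0x01, 0xAA, 0x42, 0x07 };   /* class 1 needs 3 bytes */
    printf("good: %d\n", parse_facilities(good, sizeof good));
    printf("bad:  %d\n", parse_facilities(bad, sizeof bad));
    printf("unchecked 2 - 3 = %u\n", unchecked_remaining(2, 3));
    return 0;
}
```

Without the `len < need` test, the truncated sample would leave `len` at the wrapped value that `unchecked_remaining` returns, and the `while (len > 0)` loop would keep reading past the end of the buffer.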
