[PATCH 0/1] [HARDY] [LUCID] [NATTY] [ONEIRIC] [PRECISE] [CVE-2012-2136] net: sock: validate data_len before allocating skb in sock_alloc_send_pskb()
Brad Figg
brad.figg at canonical.com
Wed Jul 11 19:42:11 UTC 2012
CVE-2012-2136
BugLink: http://bugs.launchpad.net/bugs/1006622
We need to validate the number of pages consumed by data_len, otherwise frags
array could be overflowed by userspace. So this patch validate data_len and
return -EMSGSIZE when data_len may occupies more frags than MAX_SKB_FRAGS.
Jason Wang (1):
net: sock: validate data_len before allocating skb in
sock_alloc_send_pskb()
net/core/sock.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
--
1.7.9.5
More information about the kernel-team
mailing list