ppp, slip: Validate VJ compression slot parameters completely - bcachefs.git - Unnamed repository; edit this file 'description' to name the repository.

diff options

author	Ben Hutchings <ben@decadent.org.uk>	2015-11-01 16:22:53 +0000
committer	Jiri Slaby <jslaby@suse.cz>	2016-01-27 09:56:19 +0100
commit	354b254af5c1350de9586af75fe5a821b35bfb33 (patch)
tree	f25c18aa76ba5a18797a1b4ba8dcac686d3309ae /Makefile
parent	a4c5c2262fc842e0323043a23a84be706760d628 (diff)

ppp, slip: Validate VJ compression slot parameters completely

commit 4ab42d78e37a294ac7bc56901d563c642e03c4ae upstream. Currently slhc_init() treats out-of-range values of rslots and tslots as equivalent to 0, except that if tslots is too large it will dereference a null pointer (CVE-2015-7799). Add a range-check at the top of the function and make it return an ERR_PTR() on error instead of NULL. Change the callers accordingly. Compile-tested only. Reported-by: 郭永刚 <guoyonggang@360.cn> References: http://article.gmane.org/gmane.comp.security.oss.general/17908 Signed-off-by: Ben Hutchings <ben@decadent.org.uk> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Jiri Slaby <jslaby@suse.cz>

Diffstat (limited to 'Makefile')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: