author | Mathias Krause <minipli@googlemail.com> | |
Sat, 23 Feb 2013 01:13:47 +0000 (01:13 +0000) | ||
committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | |
Thu, 28 Feb 2013 13:38:41 +0000 (05:38 -0800) | ||
commit | 7bd46285b2bc213bb124a1ce995793a5788e3b36 | |
tree | 27bc3cfe71335f6453e9aa14af7063893ee824ce | tree | snapshot (tar.xz tar.gz zip) |
parent | a64f554348c7334e80acae165e8f0c302e50b07e | commit | diff |
sock_diag: Fix out-of-bounds access to sock_diag_handlers[]
[ Upstream commit 6e601a53566d84e1ffd25e7b6fe0b6894ffd79c0 ]
Userland can send a netlink message requesting SOCK_DIAG_BY_FAMILY
with a family greater or equal then AF_MAX -- the array size of
sock_diag_handlers[]. The current code does not test for this
condition therefore is vulnerable to an out-of-bound access opening
doors for a privilege escalation.
Signed-off-by: Mathias Krause <minipli@googlemail.com>
Acked-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
[ Upstream commit 6e601a53566d84e1ffd25e7b6fe0b6894ffd79c0 ]
Userland can send a netlink message requesting SOCK_DIAG_BY_FAMILY
with a family greater or equal then AF_MAX -- the array size of
sock_diag_handlers[]. The current code does not test for this
condition therefore is vulnerable to an out-of-bound access opening
doors for a privilege escalation.
Signed-off-by: Mathias Krause <minipli@googlemail.com>
Acked-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
net/core/sock_diag.c | diff | blob | history |