review.tizen.org Git - platform/kernel/kernel-mfld-blackbay.git/commit

projects / platform / kernel / kernel-mfld-blackbay.git / commit

author	Phil Blundell <philb@gnu.org>
	Wed, 24 Nov 2010 19:51:47 +0000 (11:51 -0800)
committer	David S. Miller <davem@davemloft.net>
	Wed, 24 Nov 2010 19:51:47 +0000 (11:51 -0800)
commit	a27e13d370415add3487949c60810e36069a23a6
tree	072e0ba8e2d629c55be4ef6fa5ae318e2a351e2f	tree \| snapshot
parent	16c41745c7b92a243d0874f534c1655196c64b74	commit \| diff

econet: fix CVE-2010-3848

Don't declare variable sized array of iovecs on the stack since this
could cause stack overflow if msg->msgiovlen is large. Instead, coalesce
the user-supplied data into a new buffer and use a single iovec for it.

Signed-off-by: Phil Blundell <philb@gnu.org>
Signed-off-by: David S. Miller <davem@davemloft.net>

net/econet/af_econet.c

diff | blob | history

Domain: System / Uncategorized;

RSS Atom