econet: fix CVE-2010-3848
authorPhil Blundell <philb@gnu.org>
Wed, 24 Nov 2010 19:51:47 +0000 (11:51 -0800)
committerDavid S. Miller <davem@davemloft.net>
Wed, 24 Nov 2010 19:51:47 +0000 (11:51 -0800)
commita27e13d370415add3487949c60810e36069a23a6
tree072e0ba8e2d629c55be4ef6fa5ae318e2a351e2f
parent16c41745c7b92a243d0874f534c1655196c64b74
econet: fix CVE-2010-3848

Don't declare variable sized array of iovecs on the stack since this
could cause stack overflow if msg->msgiovlen is large.  Instead, coalesce
the user-supplied data into a new buffer and use a single iovec for it.

Signed-off-by: Phil Blundell <philb@gnu.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/econet/af_econet.c