| To: | netdev@xxxxxxxxxxx |
|---|---|
| Subject: | [PATCH] Fix ROSE security hole |
| From: | Ralf Baechle <ralf@xxxxxxxxxxxxxx> |
| Date: | Wed, 2 Mar 2005 09:06:58 +0000 |
| Sender: | netdev-bounce@xxxxxxxxxxx |
| User-agent: | Mutt/1.4.1i |
ROSE wasn't verifying the ndigis argument of a new route resulting in a
minor security hole.
Index: bk-afu/net/rose/rose_route.c
===================================================================
--- bk-afu.orig/net/rose/rose_route.c 2005-02-05 22:16:25.582983368 +0000
+++ bk-afu/net/rose/rose_route.c 2005-02-05 22:16:25.585982912 +0000
@@ -727,7 +727,8 @@
}
if (rose_route.mask > 10) /* Mask can't be more than 10 digits
*/
return -EINVAL;
-
+ if (rose_route.ndigis > 8) /* No more than 8 digipeats */
+ return -EINVAL;
err = rose_add_node(&rose_route, dev);
dev_put(dev);
return err;
|
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | Fw: [Bugme-new] [Bug 4273] New: eepro100 driver discards (big but valid) packets, Andrew Morton |
|---|---|
| Next by Date: | [PATCH] NET/ROM locking, Ralf Baechle |
| Previous by Thread: | Fw: [Bugme-new] [Bug 4273] New: eepro100 driver discards (big but valid) packets, Andrew Morton |
| Next by Thread: | Re: [PATCH] Fix ROSE security hole, David S. Miller |
| Indexes: | [Date] [Thread] [Top] [All Lists] |