
Re: [Coverity] Untrusted user data in kernel

To: James Morris <jmorris@xxxxxxxxxx>
Subject: Re: [Coverity] Untrusted user data in kernel
From: Pavel Machek <pavel@xxxxxx>
Date: Fri, 17 Dec 2004 16:10:31 +0100
Cc: Bryan Fulton <bryan@xxxxxxxxxxxx>, linux-kernel@xxxxxxxxxxxxxxx, netdev@xxxxxxxxxxx, netfilter-devel@xxxxxxxxxxxxxxxxxxx
In-reply-to: <Xine.LNX.4.44.0412170012040.12382-100000@thoron.boston.redhat.com>
References: <1103247211.3071.74.camel@localhost.localdomain> <Xine.LNX.4.44.0412170012040.12382-100000@thoron.boston.redhat.com>
Sender: netdev-bounce@xxxxxxxxxxx
User-agent: Mutt/1.5.6i
Hi!

> This at least needs CAP_NET_ADMIN.

Hmm, but that means that CAP_NET_ADMIN implies all other capabilities,
unless you fix this.

                                                                Pavel

> > TAINTED variable "((tmp).num_counters * 16)" was passed to a tainted
> > sink.
> > 
> > 1161            counters = vmalloc(tmp.num_counters * sizeof(struct ip6t_counters));
> > 1162            if (!counters) {
> > 1163                    ret = -ENOMEM;
> > 1164                    goto free_newinfo;
> > 1165            }
> > 
> > TAINTED variable "((tmp).num_counters * 16)" was passed to a tainted
> > sink.
> > 
> > 1166            memset(counters, 0, tmp.num_counters * sizeof(struct ip6t_counters));


-- 
Boycott Kodak -- for their patent abuse against Java.
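
Added example, not part of the thread and not kernel code: the size expression from the quoted report, modelled with a 32-bit size_t to show how the product can wrap before it reaches the allocator, next to a bounds-checked variant. The struct and function names are hypothetical stand-ins; the 16-byte element size is taken from the "* 16" in the report.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

/* Stand-in for struct ip6t_counters: two 64-bit fields, 16 bytes,
 * matching the "* 16" shown in the Coverity report. */
struct counters_model {
    uint64_t pcnt;
    uint64_t bcnt;
};

/* The flagged expression as evaluated where size_t is 32 bits wide.
 * uint32_t is used so the wrap-around is visible on any host. */
uint32_t unchecked_size32(uint32_t num_counters)
{
    return num_counters * (uint32_t)sizeof(struct counters_model);
}

/* Hypothetical checked variant: returns the byte size, or -EOVERFLOW
 * when num_counters * 16 does not fit in 32 bits. */
int64_t checked_size32(uint32_t num_counters)
{
    if (num_counters > UINT32_MAX / sizeof(struct counters_model))
        return -EOVERFLOW;
    return (int64_t)(num_counters * (uint32_t)sizeof(struct counters_model));
}

int main(void)
{
    /* Constructed sample values: one ordinary count, one that wraps. */
    uint32_t samples[] = { 4u, 0x10000001u };

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        uint32_t n = samples[i];
        printf("num_counters=%u unchecked=%u checked=%lld\n",
               (unsigned)n, (unsigned)unchecked_size32(n),
               (long long)checked_size32(n));
    }
    return 0;
}
```

With the wrapping count, the unchecked size is far smaller than the number of counters the caller claims, so any later loop or copy sized by num_counters would run past the buffer; the checked variant rejects the request before allocation.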
