Patrick McHardy wrote:
This patch fixes an off-by-one in inet_register_protosw and
inet6_register_protosw. inetsw is an array of size SOCK_MAX,
the check allows access to index SOCK_MAX. Patch applies
to 2.4 and 2.6.
Forgot the patch, sorry ;)
Regards
Patrick
# This is a BitKeeper generated diff -Nru style patch.
#
# ChangeSet
# 2004/05/28 12:24:03+02:00 kaber@xxxxxxxxx
# [IPV4,6]: Fix off-by-one in max protocol-type check
#
# net/ipv6/af_inet6.c
# 2004/05/28 12:23:56+02:00 kaber@xxxxxxxxx +1 -1
# [IPV4,6]: Fix off-by-one in max protocol-type check
#
# net/ipv4/af_inet.c
# 2004/05/28 12:23:56+02:00 kaber@xxxxxxxxx +1 -1
# [IPV4,6]: Fix off-by-one in max protocol-type check
#
diff -Nru a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c
--- a/net/ipv4/af_inet.c 2004-05-28 12:35:06 +02:00
+++ b/net/ipv4/af_inet.c 2004-05-28 12:35:06 +02:00
@@ -978,7 +978,7 @@
spin_lock_bh(&inetsw_lock);
- if (p->type > SOCK_MAX)
+ if (p->type >= SOCK_MAX)
goto out_illegal;
/* If we are trying to override a permanent protocol, bail. */
diff -Nru a/net/ipv6/af_inet6.c b/net/ipv6/af_inet6.c
--- a/net/ipv6/af_inet6.c 2004-05-28 12:35:06 +02:00
+++ b/net/ipv6/af_inet6.c 2004-05-28 12:35:06 +02:00
@@ -572,7 +572,7 @@
spin_lock_bh(&inetsw6_lock);
- if (p->type > SOCK_MAX)
+ if (p->type >= SOCK_MAX)
goto out_illegal;
/* If we are trying to override a permanent protocol, bail. */
|