| To: | James Morris <jmorris@xxxxxxxxxx> |
|---|---|
| Subject: | Re: [Coverity] Untrusted user data in kernel |
| From: | Pavel Machek <pavel@xxxxxx> |
| Date: | Fri, 17 Dec 2004 16:10:31 +0100 |
| Cc: | Bryan Fulton <bryan@xxxxxxxxxxxx>, linux-kernel@xxxxxxxxxxxxxxx, netdev@xxxxxxxxxxx, netfilter-devel@xxxxxxxxxxxxxxxxxxx |
| In-reply-to: | <Xine.LNX.4.44.0412170012040.12382-100000@xxxxxxxxxxxxxxxxxxxxxxxx> |
| References: | <1103247211.3071.74.camel@xxxxxxxxxxxxxxxxxxxxx> <Xine.LNX.4.44.0412170012040.12382-100000@xxxxxxxxxxxxxxxxxxxxxxxx> |
| Sender: | netdev-bounce@xxxxxxxxxxx |
| User-agent: | Mutt/1.5.6i |
Hi!
> This at least needs CAP_NET_ADMIN.
Hmm, but that means that CAP_NET_ADMIN implies all other capabilities,
unless you fix this.
Pavel
> > TAINTED variable "((tmp).num_counters * 16)" was passed to a tainted
> > sink.
> >
> > 1161 counters = vmalloc(tmp.num_counters * sizeof(struct
> > ip6t_counters));
> > 1162 if (!counters) {
> > 1163 ret = -ENOMEM;
> > 1164 goto free_newinfo;
> > 1165 }
> >
> > TAINTED variable "((tmp).num_counters * 16)" was passed to a tainted
> > sink.
> >
> > 1166 memset(counters, 0, tmp.num_counters * sizeof(struct
> > ip6t_counters));
--
Boycott Kodak -- for their patent abuse against Java.
|
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | Re: [Coverity] Untrusted user data in kernel, Tomas Carnecky |
|---|---|
| Next by Date: | Re: primary and secondary ip addresses, Andrea G Forte |
| Previous by Thread: | Re: [Coverity] Untrusted user data in kernel, Horst von Brand |
| Next by Thread: | Re: [Coverity] Untrusted user data in kernel, James Morris |
| Indexes: | [Date] [Thread] [Top] [All Lists] |