Dan Rosenberg be20250c13 ROSE: prevent heap corruption with bad facilities ... When parsing the FAC_NATIONAL_DIGIS facilities field, it's possible for a remote host to provide more digipeaters than expected, resulting in heap corruption. Check against ROSE_MAX_DIGIS to prevent overflows, and abort facilities parsing on failure. Additionally, when parsing the FAC_CCITT_DEST_NSAP and FAC_CCITT_SRC_NSAP facilities fields, a remote host can provide a length of less than 10, resulting in an underflow in a memcpy size, causing a kernel panic due to massive heap corruption. A length of greater than 20 results in a stack overflow of the callsign array. Abort facilities parsing on these invalid length values. Signed-off-by: Dan Rosenberg <drosenberg@vsecurity.com> Cc: stable@kernel.org Signed-off-by: David S. Miller <davem@davemloft.net>		2011-03-27 17:59:03 -07:00
..
Makefile	Linux-2.6.12-rc2	2005-04-16 15:20:36 -07:00
af_rose.c	ROSE: AX25: finding routes simplification	2011-02-14 13:33:49 -08:00
rose_dev.c	include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h	2010-03-30 22:02:32 +09:00
rose_in.c	[ROSE]: Supress sparse warnings	2008-01-28 15:02:44 -08:00
rose_link.c	net: return operator cleanup	2010-09-23 14:33:39 -07:00
rose_loopback.c	include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h	2010-03-30 22:02:32 +09:00
rose_out.c	include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h	2010-03-30 22:02:32 +09:00
rose_route.c	ROSE: rose AX25 packet routing improvement	2011-02-14 13:31:09 -08:00
rose_subr.c	ROSE: prevent heap corruption with bad facilities	2011-03-27 17:59:03 -07:00
rose_timer.c	[ROSE]: rose_heartbeat_expiry() locking fix	2005-10-31 16:41:45 -02:00
sysctl_net_rose.c	sysctl net: Remove unused binary sysctl code	2009-11-12 02:05:06 -08:00