aboutsummaryrefslogtreecommitdiff
path: root/net/bridge
diff options
context:
space:
mode:
authorArjan van de Ven <arjan@linux.intel.com>2010-01-04 16:37:12 +0100
committerPatrick McHardy <kaber@trash.net>2010-01-04 16:37:12 +0100
commit04bcef2a83f40c6db24222b27a52892cba39dffb (patch)
tree0fdd15422ad26fa2b49f0712c73495477ed8b838 /net/bridge
parentae24e578de02b87cce3dc59248c29b2ecb071e9e (diff)
ipvs: Add boundary check on ioctl arguments
The ipvs code has a nifty system for doing the size of ioctl command copies; it defines an array with values into which it indexes the cmd to find the right length. Unfortunately, the ipvs code forgot to check if the cmd was in the range that the array provides, allowing for an index outside of the array, which then gives a "garbage" result into the length, which then gets used for copying into a stack buffer. Fix this by adding sanity checks on these as well as the copy size. [ horms@verge.net.au: adjusted limit to IP_VS_SO_GET_MAX ] Signed-off-by: Arjan van de Ven <arjan@linux.intel.com> Acked-by: Julian Anastasov <ja@ssi.bg> Signed-off-by: Simon Horman <horms@verge.net.au> Signed-off-by: Patrick McHardy <kaber@trash.net>
Diffstat (limited to 'net/bridge')
0 files changed, 0 insertions, 0 deletions