mirror of
https://github.com/AuxXxilium/linux_dsm_epyc7002.git
synced 2024-12-24 01:24:30 +07:00
6ee50c8e26
The .x25_addr[] address comes from the user and is not necessarily NUL terminated. This leads to a couple problems. The first problem is that the strlen() in x25_bind() can read beyond the end of the buffer. The second problem is more subtle and could result in memory corruption. The call tree is: x25_connect() --> x25_write_internal() --> x25_addr_aton() The .x25_addr[] buffers are copied to the "addresses" buffer from x25_write_internal() so it will lead to stack corruption. Verify that the strings are NUL terminated and return -EINVAL if they are not. Fixes: |
||
---|---|---|
.. | ||
6lowpan | ||
9p | ||
802 | ||
8021q | ||
appletalk | ||
atm | ||
ax25 | ||
batman-adv | ||
bluetooth | ||
bpf | ||
bpfilter | ||
bridge | ||
caif | ||
can | ||
ceph | ||
core | ||
dcb | ||
dccp | ||
decnet | ||
dns_resolver | ||
dsa | ||
ethernet | ||
ethtool | ||
hsr | ||
ieee802154 | ||
ife | ||
ipv4 | ||
ipv6 | ||
iucv | ||
kcm | ||
key | ||
l2tp | ||
l3mdev | ||
lapb | ||
llc | ||
mac80211 | ||
mac802154 | ||
mpls | ||
mptcp | ||
ncsi | ||
netfilter | ||
netlabel | ||
netlink | ||
netrom | ||
nfc | ||
nsh | ||
openvswitch | ||
packet | ||
phonet | ||
psample | ||
qrtr | ||
rds | ||
rfkill | ||
rose | ||
rxrpc | ||
sched | ||
sctp | ||
smc | ||
strparser | ||
sunrpc | ||
switchdev | ||
tipc | ||
tls | ||
unix | ||
vmw_vsock | ||
wimax | ||
wireless | ||
x25 | ||
xdp | ||
xfrm | ||
compat.c | ||
devres.c | ||
Kconfig | ||
Makefile | ||
socket.c | ||
sysctl_net.c |