RDMA/cma: Verify private data length - linux - Linux Kernel (branches are rebased on master from time to time)

diff options

author	Sean Hefty <sean.hefty@intel.com>	2011-12-06 21:17:11 +0000
committer	Roland Dreier <roland@purestorage.com>	2011-12-19 09:15:33 -0800
commit	04ded1672402577cd3f390c764f3046cc704a42a (patch)
tree	b87db81163685e91584ef4088009d2d107b447b6 /arch/sparc
parent	5611cc4572e889b62a7b4c72a413536bf6a9c416 (diff)
download	linux-04ded1672402577cd3f390c764f3046cc704a42a.tar.bz2

RDMA/cma: Verify private data length

private_data_len is defined as a u8. If the user specifies a large private_data size (> 220 bytes), we will calculate a total length that exceeds 255, resulting in private_data_len wrapping back to 0. This can lead to overwriting random kernel memory. Avoid this by verifying that the resulting size fits into a u8. Reported-by: B. Thery <benjamin.thery@bull.net> Addresses: <http://bugs.openfabrics.org/bugzilla/show_bug.cgi?id=2335> Signed-off-by: Sean Hefty <sean.hefty@intel.com> Signed-off-by: Roland Dreier <roland@purestorage.com>

Diffstat (limited to 'arch/sparc')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: