diff options
author | Sean Hefty <sean.hefty@intel.com> | 2011-12-06 21:17:11 +0000 |
---|---|---|
committer | Roland Dreier <roland@purestorage.com> | 2011-12-19 09:15:33 -0800 |
commit | 04ded1672402577cd3f390c764f3046cc704a42a (patch) | |
tree | b87db81163685e91584ef4088009d2d107b447b6 /mm/swap.c | |
parent | 5611cc4572e889b62a7b4c72a413536bf6a9c416 (diff) | |
download | linux-04ded1672402577cd3f390c764f3046cc704a42a.tar.bz2 |
RDMA/cma: Verify private data length
private_data_len is defined as a u8. If the user specifies a large
private_data size (> 220 bytes), we will calculate a total length that
exceeds 255, resulting in private_data_len wrapping back to 0. This
can lead to overwriting random kernel memory. Avoid this by verifying
that the resulting size fits into a u8.
Reported-by: B. Thery <benjamin.thery@bull.net>
Addresses: <http://bugs.openfabrics.org/bugzilla/show_bug.cgi?id=2335>
Signed-off-by: Sean Hefty <sean.hefty@intel.com>
Signed-off-by: Roland Dreier <roland@purestorage.com>
Diffstat (limited to 'mm/swap.c')
0 files changed, 0 insertions, 0 deletions