diff options
author | Eric Dumazet <edumazet@google.com> | 2016-12-02 09:44:53 -0800 |
---|---|---|
committer | Simon Shields <keepcalm444@gmail.com> | 2017-01-08 23:55:35 +1100 |
commit | 23e09dca1062825ecbac06d9a56c1b745d7bd774 (patch) | |
tree | dce38aa35613307fa3cd195615d87db6ee6e940c /ipc/sem.c | |
parent | 5b379de5cfd3b9b48be64430d9c0e7c668a4c0c0 (diff) | |
download | kernel_samsung_smdk4412-23e09dca1062825ecbac06d9a56c1b745d7bd774.zip kernel_samsung_smdk4412-23e09dca1062825ecbac06d9a56c1b745d7bd774.tar.gz kernel_samsung_smdk4412-23e09dca1062825ecbac06d9a56c1b745d7bd774.tar.bz2 |
net: avoid signed overflows for SO_{SND|RCV}BUFFORCE
CAP_NET_ADMIN users should not be allowed to set negative
sk_sndbuf or sk_rcvbuf values, as it can lead to various memory
corruptions, crashes, OOM...
Note that before commit 82981930125a ("net: cleanups in
sock_setsockopt()"), the bug was even more serious, since SO_SNDBUF
and SO_RCVBUF were vulnerable.
This needs to be backported to all known linux kernels.
Again, many thanks to syzkaller team for discovering this gem.
Change-Id: I7b3a4b234eee4e3b2b2766f4d61a44d92e76095d
Signed-off-by: Eric Dumazet <edumazet@google.com>
Reported-by: Andrey Konovalov <andreyknvl@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'ipc/sem.c')
0 files changed, 0 insertions, 0 deletions