[PATCH] raw_sendmsg DoS on 2.6
authorMark J Cox <mjc@redhat.com>
Tue, 20 Sep 2005 00:55:30 +0000 (17:55 -0700)
committerLinus Torvalds <torvalds@g5.osdl.org>
Tue, 20 Sep 2005 01:45:42 +0000 (18:45 -0700)
commit6d1cfe3f1752f17e297df60c8bcc6cd6e0a58449
tree458323fe234aef3e5b96abf153feec48fe8a84df
parent997a51ae373df6484cdd4a5fc61a9c9bec82cd68
[PATCH] raw_sendmsg DoS on 2.6

Fix unchecked __get_user that could be tricked into generating a
memory read on an arbitrary address.  The result of the read is not
returned directly but you may be able to divine some information about
it, or use the read to cause a crash on some architectures by reading
hardware state.  CAN-2004-2492.

Fix from Al Viro, ack from Dave Miller.

Signed-off-by: Linus Torvalds <torvalds@osdl.org>
net/ipv4/raw.c
net/ipv6/raw.c