path: root/tools/perf/scripts/python
author Stefan Richter <stefanr@s5r6.in-berlin.de> 2016-10-29 21:28:18 +0200
committer Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2016-11-10 16:36:35 +0100
commit 46e14262a063714610b916404a20880fbd4cd0ce (patch)
tree 3f5fab51953b3a70dcef1f95d9e947408c020975 /tools/perf/scripts/python
parent 304cc8b5b43763f08dfd73754bd8a8273aa9c5de (diff)
firewire: net: guard against rx buffer overflows
commit 667121ace9dbafb368618dbabcf07901c962ddac upstream.

The IP-over-1394 driver firewire-net lacked input validation when
handling incoming fragmented datagrams. A maliciously formed fragment
with a respectively large datagram_offset would cause a memcpy past the
datagram buffer.

So, drop any packets carrying a fragment with offset + length larger
than datagram_size.

In addition, ensure that
  - GASP header, unfragmented encapsulation header, or fragment
    encapsulation header actually exists before we access it,
  - the encapsulated datagram or fragment is of nonzero size.

Reported-by: Eyal Itkin <eyal.itkin@gmail.com>
Reviewed-by: Eyal Itkin <eyal.itkin@gmail.com>
Fixes: CVE 2016-8633
Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'tools/perf/scripts/python')
0 files changed, 0 insertions, 0 deletions
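
The checks named in the commit message, written out as an added example; this is not the kernel patch or any code from firewire-net. FRAG_HDR_LEN, struct reassembly, fragment_fits() and accept_fragment() are hypothetical names, and the fragment offset is passed in already parsed so that no header layout is assumed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed header length for this sketch only, not the driver's value. */
#define FRAG_HDR_LEN 8u

struct reassembly {
    uint8_t *buf;          /* datagram buffer being reassembled */
    size_t datagram_size;  /* size of buf, taken from the first fragment */
};

/* True only if [fg_off, fg_off + fg_len) lies inside the datagram.
 * Written as a subtraction so that fg_off + fg_len cannot wrap. */
static bool fragment_fits(size_t datagram_size, size_t fg_off, size_t fg_len)
{
    if (fg_len == 0)                 /* fragment must be of nonzero size */
        return false;
    if (fg_off > datagram_size)
        return false;
    return fg_len <= datagram_size - fg_off;
}

/* Returns 0 if the fragment was copied, -1 if the packet was dropped. */
static int accept_fragment(struct reassembly *r, const uint8_t *pkt,
                           size_t pkt_len, size_t fg_off)
{
    /* The header must exist before it is read, and data must follow it. */
    if (pkt_len <= FRAG_HDR_LEN)
        return -1;
    size_t fg_len = pkt_len - FRAG_HDR_LEN;
    if (!fragment_fits(r->datagram_size, fg_off, fg_len))
        return -1;
    memcpy(r->buf + fg_off, pkt + FRAG_HDR_LEN, fg_len);
    return 0;
}

int main(void)
{
    uint8_t buf[16] = {0};
    uint8_t pkt[FRAG_HDR_LEN + 4] = {0};   /* constructed sample packet */
    struct reassembly r = { buf, sizeof buf };

    printf("offset 12: %d\n", accept_fragment(&r, pkt, sizeof pkt, 12));
    printf("offset 13: %d\n", accept_fragment(&r, pkt, sizeof pkt, 13));
    return 0;
}
```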