Chris Wright
authored
- Don't trust a length which is greater than the working buffer. An invalid length could cause overflow when calculating buffer size for decoding oid. - An oid length of zero is invalid and allows for an off-by-one error when decoding oid because the first subid actually encodes first 2 subids. - A primitive encoding may not have an indefinite length. Thanks to Wei Wang from McAfee for report. Cc: Steven French <sfrench@us.ibm.com> Cc: stable@kernel.org Acked-by:Patrick McHardy <kaber@trash.net> Signed-off-by:
Chris Wright <chrisw@sous-sol.org> Signed-off-by:
Linus Torvalds <torvalds@linux-foundation.org>
| Name | Last commit | Last update |
|---|---|---|
| .. | ||
| 802 | ||
| 8021q | ||
| 9p | ||
| appletalk | ||
| atm | ||
| ax25 | ||
| bluetooth | ||
| bridge | ||
| can | ||
| core | ||
| dccp | ||
| decnet | ||
| econet | ||
| ethernet | ||
| ieee80211 | ||
| ipv4 | ||
| ipv6 | ||
| ipx | ||
| irda | ||
| iucv | ||
| key | ||
| lapb | ||
| llc | ||
| mac80211 | ||
| netfilter | ||
| netlabel | ||
| netlink | ||
| netrom | ||
| packet | ||
| rfkill | ||
| rose | ||
| rxrpc | ||
| sched | ||
| sctp | ||
| sunrpc | ||
| tipc | ||
| unix | ||
| wanrouter | ||
| wireless | ||
| x25 | ||
| xfrm | ||
| Kconfig | ||
| Makefile | ||
| TUNABLE | ||
| compat.c | ||
| nonet.c | ||
| socket.c | ||
| sysctl_net.c | ||