redonkable
/
remarkable-linux
1
0
Fork 0
Code Releases Activity
remarkable-linux/drivers/isdn
History
Ben Hutchings a50a93cc99 ppp, slip: Validate VJ compression slot parameters completely 
[ Upstream commit 4ab42d78e3 ]

Currently slhc_init() treats out-of-range values of rslots and tslots
as equivalent to 0, except that if tslots is too large it will
dereference a null pointer (CVE-2015-7799).

Add a range-check at the top of the function and make it return an
ERR_PTR() on error instead of NULL.  Change the callers accordingly.

Compile-tested only.

Reported-by: 郭永刚 <guoyonggang@360.cn>
References: http://article.gmane.org/gmane.comp.security.oss.general/17908
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 		2016-01-31 11:23:37 -08:00
..
act2000 isdn: replace del_timer by del_timer_sync 2014-03-27 15:28:06 -04:00
capi isdn/capi: correct argument types of command_2_index 2014-12-10 15:06:10 -05:00
divert isdn: divert, hysdn: fix interruptible_sleep_on race 2014-02-26 16:06:13 -05:00
gigaset isdn/gigaset: reset tty->receive_room when attaching ser_gigaset 2015-09-29 19:26:22 +02:00
hardware Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2015-04-14 09:50:27 -07:00
hisax isdn: hisax: hfc4s8s_l1: Remove some unused functions 2015-01-02 16:36:08 -05:00
hysdn isdn: fix misspelling of current function in string 2014-12-09 16:18:46 -05:00
i4l ppp, slip: Validate VJ compression slot parameters completely 2016-01-31 11:23:37 -08:00
icn isdn: icn: use strlcpy() when parsing setup options 2015-03-15 22:24:37 -04:00
isdnloop drivers: isdn: isdnloop: isdnloop.c: Remove parenthesis around return values, as specified in CodingStyle. 2015-02-05 15:40:23 -08:00
mISDN Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next 2015-04-15 09:00:47 -07:00
pcbit isdn: fix misspelling of current function in string 2014-12-09 16:18:46 -05:00
sc Drivers: Isdn: sc: Fixed coding style & spelling mistakes. 2015-01-18 00:27:53 -05:00
Kconfig tty: Added a CONFIG_TTY option to allow removal of TTY 2013-01-18 16:15:27 -08:00
Makefile mISDN fix main ISDN Makefile 2008-08-02 16:28:20 +02:00