mirror of
https://github.com/torvalds/linux
synced 2024-11-05 18:23:50 +00:00
097933ddcd
In dump_rawmsg, the length field from a received data package was used unscrutinized, allowing an attacker to control the size of the allocated buffer and the number of times the output loop iterates. Fix by limiting to a reasonable value. Spotted with Coverity.

Signed-off-by: Tilman Schmidt <tilman@imap.cc>
Signed-off-by: David S. Miller <davem@davemloft.net>

asyncdata.c
bas-gigaset.c
capi.c
common.c
dummyll.c
ev-layer.c
gigaset.h
i4l.c
interface.c
isocdata.c
Kconfig
Makefile
proc.c
ser-gigaset.c
usb-gigaset.c