oss-sec mailing list archives
Re: CVE Request: kernel - sock_diag: Fix out-of-bounds access to sock_diag_handlers[]
From: Mathias Krause <minipli () googlemail com>
Date: Mon, 25 Feb 2013 11:46:52 +0100
On Mon, Feb 25, 2013 at 11:41 AM, Mathias Krause <minipli () googlemail com> wrote:
> Kind of. The missing upper bound check was (and still is) in there in older
> kernels as well, at times as this code was still living in inet_diag.c. But
> it wasn't (and isn't) vulnerable as the
> inet_diag_handlers[] array is 256 elements big. So userland cannot
^^^^^^^^^^^^^^^^^^^^^^
inet_diag_table that should be, and it's bound by INET_DIAG_GETSOCK_MAX checks in older kernels.

Sorry for the confusion. Busy doing other stuff :/

Mathias
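Added illustration, not part of the message above and not kernel code: the two ways discussed for keeping a caller-supplied index inside a handler table are a table with one slot per possible index value, or a compact table guarded by an explicit upper bound check. All names and sizes (`demo_req`, `DEMO_TYPE_MAX`, the 8-bit index) are assumptions made for the example.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>

/* All names and sizes are constructed for this example. */
#define DEMO_TYPE_MAX 41                 /* compact table: fewer slots than index values */

typedef int (*demo_handler_t)(void);
struct demo_req { uint8_t type; };       /* 8-bit index taken from the caller */

static int demo_dump(void) { return 2; }

/* Design A: one slot per value of the index type. */
static const demo_handler_t full_table[UINT8_MAX + 1] = { [2] = demo_dump };
/* Fails the build if the table shrinks or the index type widens. */
_Static_assert(sizeof(full_table) / sizeof(full_table[0]) == UINT8_MAX + 1,
               "full_table must cover every uint8_t index");

/* Design B: compact table, so each lookup needs the upper bound check. */
static const demo_handler_t small_table[DEMO_TYPE_MAX] = { [2] = demo_dump };

static int dispatch_full(const struct demo_req *req)
{
    demo_handler_t h = full_table[req->type];   /* in bounds for any uint8_t */
    return h ? h() : -ENOENT;
}

static int dispatch_small(const struct demo_req *req)
{
    if (req->type >= DEMO_TYPE_MAX)             /* reject before indexing */
        return -EINVAL;
    demo_handler_t h = small_table[req->type];
    return h ? h() : -ENOENT;
}

int main(void)
{
    struct demo_req unregistered = { 200 };
    /* 200 is a valid slot in full_table but past the end of small_table. */
    return !(dispatch_full(&unregistered) == -ENOENT &&
             dispatch_small(&unregistered) == -EINVAL);
}
```
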