
[PATCH 0/2] net: sock_diag fixes

From:  Mathias Krause <minipli-AT-googlemail.com>
To:  "David S. Miller" <davem-AT-davemloft.net>
Subject:  [PATCH 0/2] net: sock_diag fixes
Date:  Sat, 23 Feb 2013 12:13:46 +0100
Message-ID:  <1361618028-9024-1-git-send-email-minipli@googlemail.com>
Cc:  netdev-AT-vger.kernel.org, Mathias Krause <minipli-AT-googlemail.com>

Hi Dave,

this small series fixes an exploitable bug in sock_diag. An unprivileged
user can send us a netlink message resulting in an out-of-bounds access
that allows userland to take over control while in kernel mode.

The first patch fixes the bug and should be pushed to stable. The second
one is an attempt to clean up the sock_diag_handlers[] access mess in
__sock_diag_rcv_msg.

Please apply!


Mathias Krause (2):
  sock_diag: Fix out-of-bounds access to sock_diag_handlers[]
  sock_diag: Simplify sock_diag_handlers[] handling in
    __sock_diag_rcv_msg

 net/core/sock_diag.c |   27 ++++++++++-----------------
 1 file changed, 10 insertions(+), 17 deletions(-)

-- 
1.7.10.4
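
The class of bug the cover letter describes, as an added example that is not part of the original message or of the patches: a user-space model of a handler table looked up with an index taken from a received message, with the range check in place. It assumes the table is indexed by an 8-bit family field from the request, which the message does not spell out; MODEL_AF_MAX, diag_req, diag_handler and diag_rcv_msg are hypothetical names, not the kernel's.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* User-space model only; every name here is hypothetical. */
#define MODEL_AF_MAX 41             /* assumed table size for the model */

struct diag_req {                   /* constructed stand-in for a request header */
    uint8_t family;                 /* sender-controlled, 0..255 */
    uint8_t protocol;
};

struct diag_handler {
    int (*dump)(const struct diag_req *req);
};

static int inet_dump(const struct diag_req *req) { return req->protocol; }

static const struct diag_handler inet_handler = { .dump = inet_dump };
static const struct diag_handler *handlers[MODEL_AF_MAX] = {
    [2] = &inet_handler,            /* slot 2 models one registered family */
};

/* Validate length and index before the table is touched. */
int diag_rcv_msg(const void *payload, size_t len)
{
    struct diag_req req;

    if (len < sizeof(req))
        return -EINVAL;             /* short message: no full header to read */
    memcpy(&req, payload, sizeof(req));

    /* Without this check, family values MODEL_AF_MAX..255 would read a
     * "handler pointer" from memory past the end of the table. */
    if (req.family >= MODEL_AF_MAX)
        return -EINVAL;

    const struct diag_handler *h = handlers[req.family];
    if (h == NULL)
        return -ENOENT;             /* in range, but nothing registered */
    return h->dump(&req);
}

int main(void)
{
    const unsigned char bad[2] = { 200, 0 };    /* constructed message */
    return diag_rcv_msg(bad, sizeof(bad)) == -EINVAL ? 0 : 1;
}
```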




Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds