1. 29 11月, 2011 3 次提交
    • X
      sctp: integer overflow in sctp_auth_create_key() · a5e5c374
      Xi Wang 提交于
      The previous commit 30c2235c is incomplete and cannot prevent integer
      overflows. For example, when key_len is 0x80000000 (INT_MAX + 1), the
      left-hand side of the check, (INT_MAX - key_len), which is unsigned,
      becomes 0xffffffff (UINT_MAX) and bypasses the check.
      Signed-off-by: NXi Wang <xi.wang@gmail.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      a5e5c374
    • L
      ipv6: Set mcast_hops to IPV6_DEFAULT_MCASTHOPS when -1 was given. · 2a38e6d5
      Li Wei 提交于
      We need to set np->mcast_hops to it's default value at this moment
      otherwise when we use it and found it's value is -1, the logic to
      get default hop limit doesn't take multicast into account and will
      return wrong hop limit(IPV6_DEFAULT_HOPLIMIT) which is for unicast.
      Signed-off-by: NLi Wei <lw@cn.fujitsu.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      2a38e6d5
    • A
      net: Fix corruption in /proc/*/net/dev_mcast · 5cac98dd
      Anton Blanchard 提交于
      I just hit this during my testing. Isn't there another bug lurking?
      
      BUG kmalloc-8: Redzone overwritten
      
      INFO: 0xc0000000de9dec48-0xc0000000de9dec4b. First byte 0x0 instead of 0xcc
      INFO: Allocated in .__seq_open_private+0x30/0xa0 age=0 cpu=5 pid=3896
      	.__kmalloc+0x1e0/0x2d0
      	.__seq_open_private+0x30/0xa0
      	.seq_open_net+0x60/0xe0
      	.dev_mc_seq_open+0x4c/0x70
      	.proc_reg_open+0xd8/0x260
      	.__dentry_open.clone.11+0x2b8/0x400
      	.do_last+0xf4/0x950
      	.path_openat+0xf8/0x480
      	.do_filp_open+0x48/0xc0
      	.do_sys_open+0x140/0x250
      	syscall_exit+0x0/0x40
      
      dev_mc_seq_ops uses dev_seq_start/next/stop but only allocates
      sizeof(struct seq_net_private) of private data, whereas it expects
      sizeof(struct dev_iter_state):
      
      struct dev_iter_state {
      	struct seq_net_private p;
      	unsigned int pos; /* bucket << BUCKET_SPACE + offset */
      };
      
      Create dev_seq_open_ops and use it so we don't have to expose
      struct dev_iter_state.
      
      [ Problem added by commit f04565dd (dev: use name hash for
        dev_seq_ops) -Eric ]
      Signed-off-by: NAnton Blanchard <anton@samba.org>
      Acked-by: NEric Dumazet <eric.dumazet@gmail.com>
      Signed-off-by: NDavid S. Miller <davem@davemloft.net>
      5cac98dd
  2. 28 11月, 2011 1 次提交
  3. 27 11月, 2011 11 次提交
  4. 26 11月, 2011 1 次提交
  5. 25 11月, 2011 1 次提交
  6. 24 11月, 2011 10 次提交
  7. 23 11月, 2011 7 次提交
  8. 22 11月, 2011 6 次提交