linux/net/dccp
Dan Rosenberg a294865978 dccp: handle invalid feature options length
A length of zero (after subtracting two for the type and len fields) for
the DCCPO_{CHANGE,CONFIRM}_{L,R} options will cause an underflow due to
the subtraction.  The subsequent code may read past the end of the
options value buffer when parsing.  I'm unsure of what the consequences
of this might be, but it's probably not good.

Signed-off-by: Dan Rosenberg <drosenberg@vsecurity.com>
Cc: stable@kernel.org
Acked-by: Gerrit Renker <gerrit@erg.abdn.ac.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
2011-05-06 13:05:50 -07:00
..
ccids tcp: Increase the initial congestion window to 10. 2011-02-02 20:48:47 -08:00
ackvec.c dccp ccid-2: whitespace fix-up 2010-11-18 09:37:07 -08:00
ackvec.h dccp ccid-2: Separate option parsing from CCID processing 2010-11-15 07:12:01 +01:00
ccid.c include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h 2010-03-30 22:02:32 +09:00
ccid.h dccp: Return-value convention of hc_tx_send_packet() 2010-10-28 10:27:00 -07:00
dccp.h dccp: fix bug in updating the GSR 2011-01-07 12:22:43 +01:00
diag.c dccp_diag: LISTEN sockets don't have CCIDs 2008-12-17 16:08:01 -08:00
feat.c dccp: Kill dead code and add static markers. 2010-10-06 23:12:07 -07:00
feat.h dccp: Kill dead code and add static markers. 2010-10-06 23:12:07 -07:00
input.c dccp: fix oops on Reset after close 2011-03-01 23:02:07 -08:00
ipv4.c net: Put fl4_* macros to struct flowi4 and use them again. 2011-03-12 15:08:54 -08:00
ipv6.c net: Put fl6_* macros to struct flowi6 and use them again. 2011-03-12 15:08:55 -08:00
ipv6.h Remove obsolete #include <linux/config.h> 2006-06-30 19:25:36 +02:00
Kconfig Docs/Kconfig: Update: osdl.org -> linuxfoundation.org 2010-11-15 23:50:13 +01:00
Makefile dccp: Policy-based packet dequeueing infrastructure 2010-12-07 13:47:12 +01:00
minisocks.c dccp: fix the adjustments to AWL and SWL 2010-10-12 06:57:40 +02:00
options.c dccp: handle invalid feature options length 2011-05-06 13:05:50 -07:00
output.c Fix common misspellings 2011-03-31 11:26:23 -03:00
probe.c llseek: automatically add .llseek fop 2010-10-15 15:53:27 +02:00
proto.c dccp qpolicy: Parameter checking of cmsg qpolicy parameters 2010-12-07 13:47:12 +01:00
qpolicy.c dccp qpolicy: Parameter checking of cmsg qpolicy parameters 2010-12-07 13:47:12 +01:00
sysctl.c dccp: make upper bound for seq_window consistent on 32/64 bit 2011-01-07 12:22:44 +01:00
timer.c dccp: Refine the wait-for-ccid mechanism 2010-10-28 10:27:01 -07:00