Commit e857d228 authored by Mathias Krause's avatar Mathias Krause Committed by Gerrit - the friendly Code Review server
Browse files

sock_diag: Fix out-of-bounds access to sock_diag_handlers[] 

Userland can send a netlink message requesting SOCK_DIAG_BY_FAMILY
with a family greater or equal then AF_MAX -- the array size of
sock_diag_handlers[]. The current code does not test for this
condition therefore is vulnerable to an out-of-bound access opening
doors for a privilege escalation.

CRs-fixed: 519050
Change-Id: I1466c4f56f3f4df90cf8a1ae17afa80c89b813e8
Git-repo: git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git


Git-commit: 6e601a53
Signed-off-by: default avatarMathias Krause <minipli@googlemail.com>
Acked-by: default avatarEric Dumazet <edumazet@google.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
Signed-off-by: default avatarSarang Joshi <spjoshi@codeaurora.org>
parent ddd9ef4d
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please to comment