diff options
author | Phil Blundell <philb@gnu.org> | 2010-11-24 20:51:47 +0100 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2010-11-24 20:51:47 +0100 |
commit | a27e13d370415add3487949c60810e36069a23a6 (patch) | |
tree | 072e0ba8e2d629c55be4ef6fa5ae318e2a351e2f /lib | |
parent | econet: fix CVE-2010-3850 (diff) | |
download | linux-a27e13d370415add3487949c60810e36069a23a6.tar.xz linux-a27e13d370415add3487949c60810e36069a23a6.zip |
econet: fix CVE-2010-3848
Don't declare variable sized array of iovecs on the stack since this
could cause stack overflow if msg->msgiovlen is large. Instead, coalesce
the user-supplied data into a new buffer and use a single iovec for it.
Signed-off-by: Phil Blundell <philb@gnu.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'lib')
0 files changed, 0 insertions, 0 deletions