]> www.infradead.org Git - users/jedix/linux-maple.git/commit
net/packet: fix overflow in check for priv area size
authorAndrey Konovalov <andreyknvl@google.com>
Wed, 29 Mar 2017 14:11:20 +0000 (16:11 +0200)
committerChuck Anderson <chuck.anderson@oracle.com>
Thu, 1 Jun 2017 06:07:16 +0000 (23:07 -0700)
commit0bab24325acf4c65a7dfd9c8f54eb2079b0463f4
tree5124ad1f512d3a84edfc0f1c7c0704cf7465a49d
parent649edd4dd49eba495b5b185f80bb11b2027007e2
net/packet: fix overflow in check for priv area size

Orabug: 25813773
CVE: CVE-2017-7308

Subtracting tp_sizeof_priv from tp_block_size and casting to int
to check whether one is less then the other doesn't always work
(both of them are unsigned ints).

Compare them as is instead.

Also cast tp_sizeof_priv to u64 before using BLK_PLUS_PRIV, as
it can overflow inside BLK_PLUS_PRIV otherwise.

Signed-off-by: Andrey Konovalov <andreyknvl@google.com>
Acked-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
(cherry picked from commit 2b6867c2ce76c596676bec7d2d525af525fdc6e2)
Signed-off-by: Brian Maly <brian.maly@oracle.com>
net/packet/af_packet.c