summaryrefslogtreecommitdiff
path: root/ether.conf
diff options
context:
space:
mode:
Diffstat (limited to 'ether.conf')
0 files changed, 0 insertions, 0 deletions
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2024-09-17 00:15:50 +0000
cgi/linux/net-next.git/diff/?id=667121ace9dbafb368618dbabcf07901c962ddac&id2=6449e31ddebdce68508cfaf0915d31aad3835f4f'>diff)
firewire: net: guard against rx buffer overflows
The IP-over-1394 driver firewire-net lacked input validation when handling incoming fragmented datagrams. A maliciously formed fragment with a respectively large datagram_offset would cause a memcpy past the datagram buffer. So, drop any packets carrying a fragment with offset + length larger than datagram_size. In addition, ensure that - GASP header, unfragmented encapsulation header, or fragment encapsulation header actually exists before we access it, - the encapsulated datagram or fragment is of nonzero size. Reported-by: Eyal Itkin <eyal.itkin@gmail.com> Reviewed-by: Eyal Itkin <eyal.itkin@gmail.com> Fixes: CVE 2016-8633 Cc: stable@vger.kernel.org Signed-off-by: Stefan Richter <stefanr@s5r6.in-berlin.de>
Diffstat