isdn/gigaset: limit raw CAPI message dump length - linux-dev - Linux kernel development work

diff options

author	Tilman Schmidt <tilman@imap.cc>	2014-10-11 13:46:29 +0200
committer	David S. Miller <davem@davemloft.net>	2014-10-14 15:05:33 -0400
commit	097933ddcd28ef99c116651b20fd2e06717e0f0d (patch)
tree	daba40194d81bd13eb0689e3668bae0988137a8d /tools/perf/scripts/python/call-graph-from-postgresql.py
parent	isdn/gigaset: make sure controller name is null terminated (diff)
download	linux-dev-097933ddcd28ef99c116651b20fd2e06717e0f0d.tar.xz linux-dev-097933ddcd28ef99c116651b20fd2e06717e0f0d.zip

isdn/gigaset: limit raw CAPI message dump length

In dump_rawmsg, the length field from a received data package was used unscrutinized, allowing an attacker to control the size of the allocated buffer and the number of times the output loop iterates. Fix by limiting to a reasonable value. Spotted with Coverity. Signed-off-by: Tilman Schmidt <tilman@imap.cc> Signed-off-by: David S. Miller <davem@davemloft.net>

Diffstat (limited to 'tools/perf/scripts/python/call-graph-from-postgresql.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: