diff options
author | Dan Carpenter <error27@gmail.com> | 2011-01-10 04:06:58 +0000 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2011-01-10 13:33:17 -0800 |
commit | facb4edc1e0e849ea98e147a821e60d6d6272c0a (patch) | |
tree | 4de1206d197e889690b622593ab785b318d1905f /include | |
parent | c599bd6b9ac8926b03e6bf332a8c14ae2ffb43a3 (diff) |
phonet: some signedness bugs
Dan Rosenberg pointed out that there were some signed comparison bugs
in the phonet protocol.
http://marc.info/?l=full-disclosure&m=129424528425330&w=2
The problem is that we check for array overflows but "protocol" is
signed and we don't check for array underflows. If you have already
have CAP_SYS_ADMIN then you could use the bugs to get root, or someone
could cause an oops by mistake.
Signed-off-by: Dan Carpenter <error27@gmail.com>
Acked-by: RĂ©mi Denis-Courmont <remi.denis-courmont@nokia.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include')
-rw-r--r-- | include/net/phonet/phonet.h | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/include/net/phonet/phonet.h b/include/net/phonet/phonet.h index d5df797f9540..5395e09187df 100644 --- a/include/net/phonet/phonet.h +++ b/include/net/phonet/phonet.h @@ -107,8 +107,8 @@ struct phonet_protocol { int sock_type; }; -int phonet_proto_register(int protocol, struct phonet_protocol *pp); -void phonet_proto_unregister(int protocol, struct phonet_protocol *pp); +int phonet_proto_register(unsigned int protocol, struct phonet_protocol *pp); +void phonet_proto_unregister(unsigned int protocol, struct phonet_protocol *pp); int phonet_sysctl_init(void); void phonet_sysctl_exit(void); |