Date: Wed, 23 Mar 2005 08:28:00 +0000 (UTC) From: David Schultz <das@FreeBSD.org> To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: src/sys/compat/linux linux_socket.c Message-ID: <200503230828.j2N8S0F5021933@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
das 2005-03-23 08:28:00 UTC FreeBSD src repository Modified files: sys/compat/linux linux_socket.c Log: Reject packets larger than IP_MAXPACKET in linux_sendto() for sockets with the IP_HDRINCL option set. Without this change, a Linux process with access to a raw socket could cause a kernel panic. Raw sockets must be created by root, and are generally not consigned to untrusted applications; hence, the security implications of this bug are minimal. I believe this only affects 6-CURRENT on or after 2005-01-30. Found by: Coverity Prevent analysis tool Security: Local DOS Revision Changes Path 1.58 +3 -2 src/sys/compat/linux/linux_socket.c
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200503230828.j2N8S0F5021933>