Potential xdr_xcode_array2 security issue (was: Re: [PATCH] RPC: Encode and decode arbitrary XDR arrays)

* Linux Kernel Mailing List:

> +xdr_xcode_array2(struct xdr_buf *buf, unsigned int base,
> +		 struct xdr_array2_desc *desc, int encode)
> +{
> +	char *elem = NULL, *c;
> +	unsigned int copied = 0, todo, avail_here;
> +	struct page **ppages = NULL;
> +	int err;
> +
> +	if (encode) {
> +		if (xdr_encode_word(buf, base, desc->array_len) != 0)
> +			return -EINVAL;
> +	} else {
> +		if (xdr_decode_word(buf, base, &desc->array_len) != 0 ||
> +		    (unsigned long) base + 4 + desc->array_len *
> +				    desc->elem_size > buf->len)
> +			return -EINVAL;
> +	}
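
Review bot: The bounds check in the decode branch can be defeated by integer wraparound, because the `(unsigned long)` cast binds only to `base`, so `desc->array_len * desc->elem_size` is evaluated in the operands' own type before it is widened. `array_len` has just been read from the buffer by `xdr_decode_word()`, so it is untrusted, and if both fields are 32-bit (their declarations are not in this hunk) a large count wraps the product to a small value that passes the `> buf->len` test. Where `unsigned long` is 32 bits the addition of `base + 4` can wrap as well. Suggest rejecting `elem_size == 0` and `base + 4 > buf->len` first, then bounding the count by division, e.g. `desc->array_len > (buf->len - base - 4) / desc->elem_size`, so that no multiplication of the untrusted length is needed.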

This looks suspiciously like CVE-2002-0391.