linux-stable-rt/include/net/sctp
Sridhar Samudrala c164a9ba0a Fix sctp privilege elevation (CVE-2006-3745)
sctp_make_abort_user() now takes the msg_len along with the msg
so that we don't have to recalculate the bytes in iovec.
It also uses memcpy_fromiovec() so that we don't go beyond the
length allocated.

It is good to have this fix even if verify_iovec() is fixed to
return error on overflow.

Signed-off-by: Sridhar Samudrala <sri@us.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
2006-08-22 12:52:23 -07:00
..
command.h
constants.h
sctp.h Fix sctp privilege elevation (CVE-2006-3745) 2006-08-22 12:52:23 -07:00
sm.h Fix sctp privilege elevation (CVE-2006-3745) 2006-08-22 12:52:23 -07:00
structs.h
tsnmap.h
ulpevent.h
ulpqueue.h
user.h