Skip to content
Commit 423044be authored by David S. Miller's avatar David S. Miller Committed by Adrian Bunk
Browse files

sctp: Make sure N * sizeof(union sctp_addr) does not overflow. (CVE-2008-2826) 



As noticed by Gabriel Campana, the kmalloc() length arg
passed in by sctp_getsockopt_local_addrs_old() can overflow
if ->addr_num is large enough.

Therefore, enforce an appropriate limit.

Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
Signed-off-by: default avatarAdrian Bunk <bunk@kernel.org>
parent a203d3cc
Hide whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment