On Wed, May 01, 2013 at 05:10:15PM +0200, Daniel Borkmann wrote:
> In SOL_PACKET, we can sanitize the setsockopt() syscall a bit in the
> following ways:
>
> i) PACKET_VERSION is always checked in the kernel and it is quite
> likely to return -EINVAL here, very unlikely to crash this option.
> However, if we pass the correct values to it (TPACKET_V1, TPACKET_V2,
> TPACKET_V3), we can jump into this version specific code on other
> syscalls on that socket.
>
> ii) PACKET_{R,T}X_RING never gets a structure of size int, so it might
> always return -EINVAL here. Depending on the TPACKET version, it
> can either be tpacket_req or tpacket_req3. Make it more likely to
> have size tpacket_req though.
>
> Signed-off-by: Daniel Borkmann <[email protected]>
thanks, applied and pushed out.
Dave
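
The two argument rules from the quoted commit message, as an added C example that is not Trinity's code and not part of the original thread. The names `pkt_opt`, `build_version` and `build_ring` are hypothetical, and the ring geometry is a constructed sample that assumes 4096-byte pages.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <linux/if_packet.h>

/* Hypothetical container for one generated SOL_PACKET setsockopt() argument. */
struct pkt_opt {
    int name;
    socklen_t len;
    union { int val; struct tpacket_req req; struct tpacket_req3 req3; } u;
};

/* i) PACKET_VERSION: pick one of the three values the kernel accepts, so
 *    later syscalls on the socket reach the version-specific code. */
void build_version(struct pkt_opt *o, unsigned r)
{
    static const int versions[] = { TPACKET_V1, TPACKET_V2, TPACKET_V3 };
    memset(o, 0, sizeof(*o));
    o->name = PACKET_VERSION;
    o->u.val = versions[r % 3];
    o->len = sizeof(o->u.val);
}

/* ii) PACKET_{R,T}X_RING: the argument is a struct, never an int.
 *     Favour sizeof(struct tpacket_req) 3:1 over tpacket_req3. */
void build_ring(struct pkt_opt *o, int name, unsigned r)
{
    memset(o, 0, sizeof(*o));
    o->name = name;                    /* PACKET_RX_RING or PACKET_TX_RING */
    o->u.req.tp_block_size = 4096;     /* constructed: assumes 4 KiB pages */
    o->u.req.tp_block_nr   = 4;
    o->u.req.tp_frame_size = 2048;     /* two frames per block */
    o->u.req.tp_frame_nr   = 8;        /* block_nr * frames per block */
    o->len = (r % 4 == 3) ? sizeof(o->u.req3) : sizeof(o->u.req);
}

int main(void)
{
    struct pkt_opt o;
    int fd = socket(AF_PACKET, SOCK_RAW, 0);   /* needs CAP_NET_RAW */
    if (fd < 0) { perror("socket"); return 1; }
    build_version(&o, 2);                      /* TPACKET_V3 */
    printf("version: %d\n", setsockopt(fd, SOL_PACKET, o.name, &o.u, o.len));
    build_ring(&o, PACKET_RX_RING, 3);         /* req3-sized, matches V3 */
    printf("rx ring: %d\n", setsockopt(fd, SOL_PACKET, o.name, &o.u, o.len));
    close(fd);
    return 0;
}
```
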