[Linux-kernel-mentees] [PATCH net] AX.25: Prevent integer overflows in connect and sendmsg

David Miller davem at davemloft.net
Thu Jul 23 19:10:37 UTC 2020


From: Dan Carpenter <dan.carpenter at oracle.com>
Date: Thu, 23 Jul 2020 17:49:57 +0300

> We recently added some bounds checking in ax25_connect() and
> ax25_sendmsg() and we so we removed the AX25_MAX_DIGIS checks because
> they were no longer required.
> 
> Unfortunately, I believe they are required to prevent integer overflows
> so I have added them back.
> 
> Fixes: 8885bb0621f0 ("AX.25: Prevent out-of-bounds read in ax25_sendmsg()")
> Fixes: 2f2a7ffad5c6 ("AX.25: Fix out-of-bounds read in ax25_connect()")
> Signed-off-by: Dan Carpenter <dan.carpenter at oracle.com>

Applied, thanks Dan.


More information about the Linux-kernel-mentees mailing list