summaryrefslogtreecommitdiff
path: root/include/net/phonet
diff options
context:
space:
mode:
authorDan Carpenter <error27@gmail.com>2011-01-10 07:06:58 +0300
committerDavid S. Miller <davem@davemloft.net>2011-01-11 00:33:17 +0300
commitfacb4edc1e0e849ea98e147a821e60d6d6272c0a (patch)
tree4de1206d197e889690b622593ab785b318d1905f /include/net/phonet
parentc599bd6b9ac8926b03e6bf332a8c14ae2ffb43a3 (diff)
downloadlinux-facb4edc1e0e849ea98e147a821e60d6d6272c0a.tar.xz
phonet: some signedness bugs
Dan Rosenberg pointed out that there were some signed comparison bugs in the phonet protocol. http://marc.info/?l=full-disclosure&m=129424528425330&w=2 The problem is that we check for array overflows but "protocol" is signed and we don't check for array underflows. If you have already have CAP_SYS_ADMIN then you could use the bugs to get root, or someone could cause an oops by mistake. Signed-off-by: Dan Carpenter <error27@gmail.com> Acked-by: RĂ©mi Denis-Courmont <remi.denis-courmont@nokia.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include/net/phonet')
-rw-r--r--include/net/phonet/phonet.h4
1 files changed, 2 insertions, 2 deletions
diff --git a/include/net/phonet/phonet.h b/include/net/phonet/phonet.h
index d5df797f9540..5395e09187df 100644
--- a/include/net/phonet/phonet.h
+++ b/include/net/phonet/phonet.h
@@ -107,8 +107,8 @@ struct phonet_protocol {
int sock_type;
};
-int phonet_proto_register(int protocol, struct phonet_protocol *pp);
-void phonet_proto_unregister(int protocol, struct phonet_protocol *pp);
+int phonet_proto_register(unsigned int protocol, struct phonet_protocol *pp);
+void phonet_proto_unregister(unsigned int protocol, struct phonet_protocol *pp);
int phonet_sysctl_init(void);
void phonet_sysctl_exit(void);