diff options
author | Alan Coopersmith <alan.coopersmith@oracle.com> | 2014-04-25 23:03:05 -0700 |
---|---|---|
committer | Alan Coopersmith <alan.coopersmith@oracle.com> | 2014-05-12 23:32:10 -0700 |
commit | a3f21421537620fc4e1f844a594a4bcd9f7e2bd8 (patch) | |
tree | dcb5e27d1c6f7c2dca0fc2a22890c6a34704681f /include | |
parent | a42f707f8a62973f5e8bbcd08afb10a79e9cee33 (diff) |
CVE-2014-0210: unvalidated length fields in fs_read_extent_info()
Looping over the extents in the reply could go past the end of the
reply buffer if the reply indicated more extents than could fit in
the specified reply length.
Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>
Reviewed-by: Matthieu Herrb <matthieu@herrb.eu>
Diffstat (limited to 'include')
0 files changed, 0 insertions, 0 deletions