Message-Id: <200503230828.j2N8S0F5021933@repoman.freebsd.org>
From: David Schultz
Date: Wed, 23 Mar 2005 08:28:00 +0000 (UTC)
To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org
X-FreeBSD-CVS-Branch: HEAD
Subject: cvs commit: src/sys/compat/linux linux_socket.c

das         2005-03-23 08:28:00 UTC

  FreeBSD src repository

  Modified files:
    sys/compat/linux     linux_socket.c
  Log:
  Reject packets larger than IP_MAXPACKET in linux_sendto() for sockets
  with the IP_HDRINCL option set.  Without this change, a Linux process
  with access to a raw socket could cause a kernel panic.  Raw sockets
  must be created by root, and are generally not consigned to untrusted
  applications; hence, the security implications of this bug are
  minimal.  I believe this only affects 6-CURRENT on or after 2005-01-30.

  Found by:       Coverity Prevent analysis tool
  Security:       Local DOS

  Revision  Changes    Path
  1.58      +3 -2      src/sys/compat/linux/linux_socket.c
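
Added example, not the FreeBSD code from this commit: a user-space C illustration of the length validation the log describes for a header-included packet, extended with a lower bound and a header-length sanity check. The struct, the function name, the EINVAL return value and the 20-byte minimum are assumptions made for illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#ifndef IP_MAXPACKET
#define IP_MAXPACKET 65535   /* largest IPv4 datagram: 16-bit total length */
#endif
#define IP_MIN_HDRLEN 20     /* IPv4 header with no options (assumed floor) */

/* Hypothetical staging buffer standing in for a private copy of the packet. */
struct staged_pkt {
    size_t  len;
    uint8_t data[IP_MAXPACKET];
};

/* Validate a caller-supplied packet, then copy it. Returns 0 or an errno. */
int stage_hdrincl_packet(struct staged_pkt *dst, const void *src, size_t len)
{
    const uint8_t *p = src;
    size_t hlen;

    if (dst == NULL || src == NULL)
        return EINVAL;
    /* Lower bound: the buffer must hold the header we are about to read. */
    if (len < IP_MIN_HDRLEN)
        return EINVAL;
    /* Upper bound, the kind of check the commit adds: refuse anything above
     * IP_MAXPACKET before len is used to size a copy or an allocation. */
    if (len > IP_MAXPACKET)
        return EINVAL;
    /* Version must be 4; header length (32-bit words) must fit inside len. */
    hlen = (size_t)(p[0] & 0x0f) * 4;
    if ((p[0] >> 4) != 4 || hlen < IP_MIN_HDRLEN || hlen > len)
        return EINVAL;

    memcpy(dst->data, src, len);   /* safe: len <= sizeof dst->data */
    dst->len = len;
    return 0;
}

int main(void)
{
    static struct staged_pkt sp;
    static uint8_t pkt[IP_MAXPACKET + 1] = { 0x45 };  /* constructed input */
    printf("max   -> %d\n", stage_hdrincl_packet(&sp, pkt, IP_MAXPACKET));
    printf("max+1 -> %d\n", stage_hdrincl_packet(&sp, pkt, IP_MAXPACKET + 1));
    return 0;
}
```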