linux-hardened/ipc
Alexey Kuznetsov a9a5cd5d2a [PATCH] IPC: access to unmapped vmalloc area in grow_ary()
grow_ary() should not copy struct ipc_id_ary (it copies new->p, not
new). Due to this, memcpy() src pointer could hit unmapped vmalloc page
when near page boundary.

Found during OpenVZ stress testing

Signed-off-by: Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>
Signed-off-by: Kirill Korotaev <dev@openvz.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
2006-04-17 18:40:40 -07:00
..
compat.c [PATCH] sem2mutex: ipc, id.sem 2006-03-26 08:56:55 -08:00
compat_mq.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
Makefile Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
mqueue.c [PATCH] mqueue comment typo fix 2006-03-28 09:16:03 -08:00
msg.c [PATCH] sem2mutex: ipc, id.sem 2006-03-26 08:56:55 -08:00
msgutil.c Linux-2.6.12-rc2 2005-04-16 15:20:36 -07:00
sem.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/bunk/trivial 2006-03-26 09:41:18 -08:00
shm.c [PATCH] shmat: stop mprotect from giving write permission to a readonly attachment (CVE-2006-1524) 2006-04-17 14:24:58 -07:00
util.c [PATCH] IPC: access to unmapped vmalloc area in grow_ary() 2006-04-17 18:40:40 -07:00
util.h [PATCH] sem2mutex: ipc, id.sem 2006-03-26 08:56:55 -08:00