Ben Hutchings 4ab42d78e3 ppp, slip: Validate VJ compression slot parameters completely ... Currently slhc_init() treats out-of-range values of rslots and tslots as equivalent to 0, except that if tslots is too large it will dereference a null pointer (CVE-2015-7799). Add a range-check at the top of the function and make it return an ERR_PTR() on error instead of NULL. Change the callers accordingly. Compile-tested only. Reported-by: 郭永刚 <guoyonggang@360.cn> References: http://article.gmane.org/gmane.comp.security.oss.general/17908 Signed-off-by: Ben Hutchings <ben@decadent.org.uk> Signed-off-by: David S. Miller <davem@davemloft.net>		2015-11-02 16:25:00 -05:00
..
act2000	isdn: replace del_timer by del_timer_sync	2014-03-27 15:28:06 -04:00
capi	isdn/capi: Use setup_timer	2015-05-31 21:36:37 -07:00
divert	isdn: divert, hysdn: fix interruptible_sleep_on race	2014-02-26 16:06:13 -05:00
gigaset	isdn/gigaset: drop unused ldisc methods	2015-07-15 17:24:45 -07:00
hardware	Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial	2015-04-14 09:50:27 -07:00
hisax	ISDN: fix OOM condition for sending queued I-Frames	2015-10-22 07:23:19 -07:00
hysdn	isdn: fix misspelling of current function in string	2014-12-09 16:18:46 -05:00
i4l	ppp, slip: Validate VJ compression slot parameters completely	2015-11-02 16:25:00 -05:00
icn	arch, drivers: don't include <asm/io.h> directly, use <linux/io.h> instead	2015-08-10 23:07:05 -04:00
isdnloop	drivers: isdn: isdnloop: isdnloop.c: Remove parenthesis around return values, as specified in CodingStyle.	2015-02-05 15:40:23 -08:00
mISDN	mISDN: fix OOM condition for sending queued I-Frames	2015-10-22 07:23:19 -07:00
pcbit	isdn: fix misspelling of current function in string	2014-12-09 16:18:46 -05:00
sc	Drivers: Isdn: sc: Fixed coding style & spelling mistakes.	2015-01-18 00:27:53 -05:00
Kconfig	tty: Added a CONFIG_TTY option to allow removal of TTY	2013-01-18 16:15:27 -08:00
Makefile