diff options
author | pageexec <pageexec@freemail.hu> | 2005-06-26 16:00:19 -0700 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2005-06-26 16:00:19 -0700 |
commit | 4da62fc70d7cbcf8fa606a8c806d9dc8faa0ceae (patch) | |
tree | c15f61c9c0a1b1e88990eab47ebc89a4a83b3a4e /net/ipv4/ipvs/ip_vs_sync.c | |
parent | d470e3b483dcf79c16463bc740738dca76a035a9 (diff) | |
download | blackbird-op-linux-4da62fc70d7cbcf8fa606a8c806d9dc8faa0ceae.tar.gz blackbird-op-linux-4da62fc70d7cbcf8fa606a8c806d9dc8faa0ceae.zip |
[IPVS]: Fix for overflows
From: <pageexec@freemail.hu>
$subject was fixed in 2.4 already, 2.6 needs it as well.
The impact of the bugs is a kernel stack overflow and privilege escalation
from CAP_NET_ADMIN via the IP_VS_SO_SET_STARTDAEMON/IP_VS_SO_GET_DAEMON
ioctls. People running with 'root=all caps' (i.e., most users) are not
really affected (there's nothing to escalate), but SELinux and similar
users should take it seriously if they grant CAP_NET_ADMIN to other users.
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/ipv4/ipvs/ip_vs_sync.c')
-rw-r--r-- | net/ipv4/ipvs/ip_vs_sync.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/net/ipv4/ipvs/ip_vs_sync.c b/net/ipv4/ipvs/ip_vs_sync.c index 25c479550a32..574d1f509b46 100644 --- a/net/ipv4/ipvs/ip_vs_sync.c +++ b/net/ipv4/ipvs/ip_vs_sync.c @@ -839,10 +839,10 @@ int start_sync_thread(int state, char *mcast_ifn, __u8 syncid) ip_vs_sync_state |= state; if (state == IP_VS_STATE_MASTER) { - strcpy(ip_vs_master_mcast_ifn, mcast_ifn); + strlcpy(ip_vs_master_mcast_ifn, mcast_ifn, sizeof(ip_vs_master_mcast_ifn)); ip_vs_master_syncid = syncid; } else { - strcpy(ip_vs_backup_mcast_ifn, mcast_ifn); + strlcpy(ip_vs_backup_mcast_ifn, mcast_ifn, sizeof(ip_vs_backup_mcast_ifn)); ip_vs_backup_syncid = syncid; } |