Re: [PATCH net] rxrpc: Fix several cases where a padded len isn't checked in ticket decode

From: David Howells Date: Thu, 15 Jun 2017 00:12:24 +0100 > This fixes CVE-2017-7482. > > When a kerberos 5 ticket is being decoded so that it can be loaded into an > rxrpc-type key, there are several places in which the length of a > variable-length field is checked to make sure that it's not g

[PATCH net] rxrpc: Fix several cases where a padded len isn't checked in ticket decode

This fixes CVE-2017-7482. When a kerberos 5 ticket is being decoded so that it can be loaded into an rxrpc-type key, there are several places in which the length of a variable-length field is checked to make sure that it's not going to overrun the available data - but the data is padded to the nea