[Glibc-bsd-commits] r3744 - in trunk/kfreebsd-8/debian: . patches
Aurelien Jarno
aurel32 at alioth.debian.org
Wed Oct 19 07:17:11 UTC 2011
Author: aurel32
Date: 2011-10-19 07:17:10 +0000 (Wed, 19 Oct 2011)
New Revision: 3744
Modified:
trunk/kfreebsd-8/debian/changelog
trunk/kfreebsd-8/debian/patches/000_unix_socket_overflow.diff
Log:
* Update 000_unix_socket_overflow.diff from the second security advisory,
fixing the same issue on the Linux compatibility layer. Closes:
#645377.
Modified: trunk/kfreebsd-8/debian/changelog
===================================================================
--- trunk/kfreebsd-8/debian/changelog 2011-10-18 07:02:22 UTC (rev 3743)
+++ trunk/kfreebsd-8/debian/changelog 2011-10-19 07:17:10 UTC (rev 3744)
@@ -9,6 +9,11 @@
* Add 918_unix_socket_overflow.diff, to fix up breakage in our userland
after 000_unix_socket_overflow.diff. Closes: #645527.
+ [ Aurelien Jarno ]
+ * Update 000_unix_socket_overflow.diff from the second security advisory,
+ fixing the same issue on the Linux compatibility layer. Closes:
+ #645377.
+
-- Robert Millan <rmh at debian.org> Sun, 16 Oct 2011 11:43:34 +0200
kfreebsd-8 (8.2-9) unstable; urgency=high
Modified: trunk/kfreebsd-8/debian/patches/000_unix_socket_overflow.diff
===================================================================
--- trunk/kfreebsd-8/debian/patches/000_unix_socket_overflow.diff 2011-10-18 07:02:22 UTC (rev 3743)
+++ trunk/kfreebsd-8/debian/patches/000_unix_socket_overflow.diff 2011-10-19 07:17:10 UTC (rev 3744)
@@ -17,4 +17,34 @@
+ return (EINVAL);
len = nam->sa_len - offsetof(struct sockaddr_un, sun_path);
if (len <= 0)
+--- a/sys/compat/linux/linux_socket.c
++++ b/sys/compat/linux/linux_socket.c
+@@ -104,6 +104,7 @@
+ int oldv6size;
+ struct sockaddr_in6 *sin6;
+ #endif
++ int namelen;
+
+ if (*osalen < 2 || *osalen > UCHAR_MAX || !osa)
return (EINVAL);
+@@ -166,6 +167,20 @@
+ }
+ }
+
++ if ((bdom == AF_LOCAL) && (*osalen > sizeof(struct sockaddr_un))) {
++ for (namelen = 0;
++ namelen < *osalen - offsetof(struct sockaddr_un, sun_path);
++ namelen++)
++ if (!((struct sockaddr_un *)kosa)->sun_path[namelen])
++ break;
++ if (namelen + offsetof(struct sockaddr_un, sun_path) >
++ sizeof(struct sockaddr_un)) {
++ error = EINVAL;
++ goto out;
++ }
++ alloclen = sizeof(struct sockaddr_un);
++ }
++
+ sa = (struct sockaddr *) kosa;
+ sa->sa_family = bdom;
+ sa->sa_len = alloclen; return (EINVAL);
More information about the Glibc-bsd-commits
mailing list