[Glibc-bsd-commits] r3744 - in trunk/kfreebsd-8/debian: . patches

Aurelien Jarno aurel32 at alioth.debian.org
Wed Oct 19 07:17:11 UTC 2011 

Author: aurel32
Date: 2011-10-19 07:17:10 +0000 (Wed, 19 Oct 2011)
New Revision: 3744

Modified:
   trunk/kfreebsd-8/debian/changelog
   trunk/kfreebsd-8/debian/patches/000_unix_socket_overflow.diff
Log:
   * Update 000_unix_socket_overflow.diff from the second security advisory,
     fixing the same issue on the Linux compatibility layer. Closes: 
     #645377.



Modified: trunk/kfreebsd-8/debian/changelog
===================================================================
--- trunk/kfreebsd-8/debian/changelog	2011-10-18 07:02:22 UTC (rev 3743)
+++ trunk/kfreebsd-8/debian/changelog	2011-10-19 07:17:10 UTC (rev 3744)
@@ -9,6 +9,11 @@
    * Add 918_unix_socket_overflow.diff, to fix up breakage in our userland
      after 000_unix_socket_overflow.diff. Closes: #645527.
 
+   [ Aurelien Jarno ]
+   * Update 000_unix_socket_overflow.diff from the second security advisory,
+     fixing the same issue on the Linux compatibility layer. Closes: 
+     #645377.
+
  -- Robert Millan <rmh at debian.org>  Sun, 16 Oct 2011 11:43:34 +0200
 
 kfreebsd-8 (8.2-9) unstable; urgency=high

Modified: trunk/kfreebsd-8/debian/patches/000_unix_socket_overflow.diff
===================================================================
--- trunk/kfreebsd-8/debian/patches/000_unix_socket_overflow.diff	2011-10-18 07:02:22 UTC (rev 3743)
+++ trunk/kfreebsd-8/debian/patches/000_unix_socket_overflow.diff	2011-10-19 07:17:10 UTC (rev 3744)
@@ -17,4 +17,34 @@
 +		return (EINVAL);
  	len = nam->sa_len - offsetof(struct sockaddr_un, sun_path);
  	if (len <= 0)
+--- a/sys/compat/linux/linux_socket.c
++++ b/sys/compat/linux/linux_socket.c
+@@ -104,6 +104,7 @@
+ 	int oldv6size;
+ 	struct sockaddr_in6 *sin6;
+ #endif
++	int namelen;
+ 
+ 	if (*osalen < 2 || *osalen > UCHAR_MAX || !osa)
  		return (EINVAL);
+@@ -166,6 +167,20 @@
+ 		}
+ 	}
+ 
++	if ((bdom == AF_LOCAL) && (*osalen > sizeof(struct sockaddr_un))) {
++		for (namelen = 0;
++		    namelen < *osalen - offsetof(struct sockaddr_un, sun_path);
++		    namelen++)
++			if (!((struct sockaddr_un *)kosa)->sun_path[namelen])
++				break;
++		if (namelen + offsetof(struct sockaddr_un, sun_path) >
++		    sizeof(struct sockaddr_un)) {
++			error = EINVAL;
++			goto out;
++		}
++		alloclen = sizeof(struct sockaddr_un);
++	}
++
+ 	sa = (struct sockaddr *) kosa;
+ 	sa->sa_family = bdom;
+ 	sa->sa_len = alloclen;		return (EINVAL);

More information about the Glibc-bsd-commits mailing list