r2004 - in trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian: . patches patches/series
Dann Frazier
dannf@haydn.debian.org
Thu, 16 Dec 2004 00:42:49 -0700
Author: dannf
Date: 2004-12-16 00:42:28 -0700 (Thu, 16 Dec 2004)
New Revision: 2004
Added:
trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/118-cmsg-validation-checks-compat.patch
Modified:
trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog
trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-7
Log:
add cmsg compat patch - thanks trippeh
Modified: trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog
===================================================================
--- trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog 2004-12-16 07:21:29 UTC (rev 2003)
+++ trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog 2004-12-16 07:42:28 UTC (rev 2004)
@@ -5,12 +5,14 @@
* Security: Fix a potential oops using a malformed a.out binary
(CAN-2004-1074) (dann frazier)
* 115_tty_lockup-3.diff: Fix an unterminated comment (dann frazier)
- * 116-cmsg-validation-checks.patch: Patch from Herbert Xu fixing CMSG
- validation wrt signedness (CAN-2004-1016) (dann frazier)
+ * 116-cmsg-validation-checks.patch, 116-cmsg-validation-checks-compat.patch:
+ Patches from Herbert Xu and David Miller fixing CMSG validation wrt
+ signedness - thanks to Andre Tornt for pointing it out (CAN-2004-1016)
+ (dann frazier)
* 117-igmp-source-filter-fixes.patch: IGMP source filter fixes
(CAN-2004-1137) (dann frazier)
- -- dann frazier <dannf@debian.org> Wed, 15 Dec 2004 22:23:12 -0700
+ -- dann frazier <dannf@debian.org> Thu, 16 Dec 2004 00:40:31 -0700
kernel-source-2.4.27 (2.4.27-6) unstable; urgency=low
Added: trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/118-cmsg-validation-checks-compat.patch
===================================================================
--- trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/118-cmsg-validation-checks-compat.patch 2004-12-16 07:21:29 UTC (rev 2003)
+++ trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/118-cmsg-validation-checks-compat.patch 2004-12-16 07:42:28 UTC (rev 2004)
@@ -0,0 +1,247 @@
+# origin: David S. Miller <davem@davemloft.net>
+# cset: 1.1516.6.3
+# inclusion: backport
+# revision date: 2004-12-14
+# description: Fix CMSG validation checks wrt. signedness in compat code
+
+# This is a BitKeeper generated diff -Nru style patch.
+#
+# ChangeSet
+# 2004/12/08 13:33:08-08:00 davem@nuts.davemloft.net
+# [NET]: CMSG compat code needs signedness fixes too.
+#
+# Signed-off-by: David S. Miller <davem@davemloft.net>
+#
+# arch/ia64/ia32/sys_ia32.c
+# 2004/12/08 13:32:46-08:00 davem@nuts.davemloft.net +6 -4
+# [NET]: CMSG compat code needs signedness fixes too.
+#
+# arch/mips64/kernel/linux32.c
+# 2004/12/08 13:32:46-08:00 davem@nuts.davemloft.net +7 -5
+# [NET]: CMSG compat code needs signedness fixes too.
+#
+# arch/parisc/kernel/sys_parisc32.c
+# 2004/12/08 13:32:46-08:00 davem@nuts.davemloft.net +6 -5
+# [NET]: CMSG compat code needs signedness fixes too.
+#
+# arch/ppc64/kernel/sys_ppc32.c
+# 2004/12/08 13:32:46-08:00 davem@nuts.davemloft.net +6 -5
+# [NET]: CMSG compat code needs signedness fixes too.
+#
+# arch/s390x/kernel/linux32.c
+# 2004/12/08 13:32:46-08:00 davem@nuts.davemloft.net +6 -5
+# [NET]: CMSG compat code needs signedness fixes too.
+#
+# arch/sparc64/kernel/sys_sparc32.c
+# 2004/12/08 13:32:46-08:00 davem@nuts.davemloft.net +6 -5
+# [NET]: CMSG compat code needs signedness fixes too.
+#
+# arch/x86_64/ia32/socket32.c
+# 2004/12/08 13:32:46-08:00 davem@nuts.davemloft.net +2 -5
+# [NET]: CMSG compat code needs signedness fixes too.
+#
+# include/asm-x86_64/socket32.h
+# 2004/12/08 13:32:46-08:00 davem@nuts.davemloft.net +5 -0
+# [NET]: CMSG compat code needs signedness fixes too.
+#
+diff -Nru a/arch/ia64/ia32/sys_ia32.c b/arch/ia64/ia32/sys_ia32.c
+--- a/arch/ia64/ia32/sys_ia32.c 2004-12-15 23:32:09 -08:00
++++ b/arch/ia64/ia32/sys_ia32.c 2004-12-15 23:32:09 -08:00
+@@ -1369,6 +1369,11 @@
+ #define __CMSG32_FIRSTHDR(ctl,len) \
+ ((len) >= sizeof(struct cmsghdr32) ? (struct cmsghdr32 *)(ctl) : (struct cmsghdr32 *)NULL)
+ #define CMSG32_FIRSTHDR(msg) __CMSG32_FIRSTHDR((msg)->msg_control, (msg)->msg_controllen)
++#define CMSG32_OK(ucmlen, ucmsg, mhdr) \
++ ((ucmlen) >= sizeof(struct cmsghdr) && \
++ (ucmlen) <= (unsigned long) \
++ ((mhdr)->msg_controllen - \
++ ((char *)(ucmsg) - (char *)(mhdr)->msg_control)))
+
+ static inline struct cmsghdr32 *
+ __cmsg32_nxthdr (void *ctl, __kernel_size_t size, struct cmsghdr32 *cmsg, int cmsg_len)
+@@ -1429,10 +1434,7 @@
+ return -EFAULT;
+
+ /* Catch bogons. */
+- if (CMSG32_ALIGN(ucmlen) < CMSG32_ALIGN(sizeof(struct cmsghdr32)))
+- return -EINVAL;
+- if ((unsigned long)(((char *)ucmsg - (char *)kmsg->msg_control) + ucmlen)
+- > kmsg->msg_controllen)
++ if (!CMSG32_OK(ucmlen, ucmsg, kmsg))
+ return -EINVAL;
+
+ tmp = ((ucmlen - CMSG32_ALIGN(sizeof(*ucmsg))) +
+diff -Nru a/arch/mips64/kernel/linux32.c b/arch/mips64/kernel/linux32.c
+--- a/arch/mips64/kernel/linux32.c 2004-12-15 23:32:09 -08:00
++++ b/arch/mips64/kernel/linux32.c 2004-12-15 23:32:09 -08:00
+@@ -2483,6 +2483,12 @@
+ (struct cmsghdr32 *)(ctl) : \
+ (struct cmsghdr32 *)NULL)
+ #define CMSG32_FIRSTHDR(msg) __CMSG32_FIRSTHDR((msg)->msg_control, (msg)->msg_controllen)
++#define CMSG32_OK(ucmlen, ucmsg, mhdr) \
++ ((ucmlen) >= sizeof(struct cmsghdr) && \
++ (ucmlen) <= (unsigned long) \
++ ((mhdr)->msg_controllen - \
++ ((char *)(ucmsg) - (char *)(mhdr)->msg_control)))
++
+
+ __inline__ struct cmsghdr32 *__cmsg32_nxthdr(void *__ctl, __kernel_size_t __size,
+ struct cmsghdr32 *__cmsg, int __cmsg_len)
+@@ -2623,11 +2629,7 @@
+ return -EFAULT;
+
+ /* Catch bogons. */
+- if(CMSG32_ALIGN(ucmlen) <
+- CMSG32_ALIGN(sizeof(struct cmsghdr32)))
+- return -ENOBUFS;
+- if((unsigned long)(((char *)ucmsg - (char *)kmsg->msg_control)
+- + ucmlen) > kmsg->msg_controllen)
++ if (!CMSG32_OK(ucmlen, ucmsg, kmsg))
+ return -EINVAL;
+
+ tmp = ((ucmlen - CMSG32_ALIGN(sizeof(*ucmsg))) +
+diff -Nru a/arch/parisc/kernel/sys_parisc32.c b/arch/parisc/kernel/sys_parisc32.c
+--- a/arch/parisc/kernel/sys_parisc32.c 2004-12-15 23:32:09 -08:00
++++ b/arch/parisc/kernel/sys_parisc32.c 2004-12-15 23:32:09 -08:00
+@@ -1814,6 +1814,11 @@
+ (struct cmsghdr32 *)(ctl) : \
+ (struct cmsghdr32 *)NULL)
+ #define CMSG32_FIRSTHDR(msg) __CMSG32_FIRSTHDR((msg)->msg_control, (msg)->msg_controllen)
++#define CMSG32_OK(ucmlen, ucmsg, mhdr) \
++ ((ucmlen) >= sizeof(struct cmsghdr) && \
++ (ucmlen) <= (unsigned long) \
++ ((mhdr)->msg_controllen - \
++ ((char *)(ucmsg) - (char *)(mhdr)->msg_control)))
+
+ __inline__ struct cmsghdr32 *__cmsg32_nxthdr(void *__ctl, __kernel_size_t __size,
+ struct cmsghdr32 *__cmsg, int __cmsg_len)
+@@ -1940,11 +1945,7 @@
+ return -EFAULT;
+
+ /* Catch bogons. */
+- if(CMSG32_ALIGN(ucmlen) <
+- CMSG32_ALIGN(sizeof(struct cmsghdr32)))
+- return -EINVAL;
+- if((unsigned long)(((char *)ucmsg - (char *)kmsg->msg_control)
+- + ucmlen) > kmsg->msg_controllen)
++ if (!CMSG32_OK(ucmlen, ucmsg, kmsg))
+ return -EINVAL;
+
+ tmp = ((ucmlen - CMSG32_ALIGN(sizeof(*ucmsg))) +
+diff -Nru a/arch/ppc64/kernel/sys_ppc32.c b/arch/ppc64/kernel/sys_ppc32.c
+--- a/arch/ppc64/kernel/sys_ppc32.c 2004-12-15 23:32:09 -08:00
++++ b/arch/ppc64/kernel/sys_ppc32.c 2004-12-15 23:32:09 -08:00
+@@ -3273,6 +3273,11 @@
+ (struct cmsghdr32 *)(ctl) : \
+ (struct cmsghdr32 *)NULL)
+ #define CMSG32_FIRSTHDR(msg) __CMSG32_FIRSTHDR((msg)->msg_control, (msg)->msg_controllen)
++#define CMSG32_OK(ucmlen, ucmsg, mhdr) \
++ ((ucmlen) >= sizeof(struct cmsghdr) && \
++ (ucmlen) <= (unsigned long) \
++ ((mhdr)->msg_controllen - \
++ ((char *)(ucmsg) - (char *)(mhdr)->msg_control)))
+
+ struct msghdr32
+ {
+@@ -3448,11 +3453,7 @@
+ return -EFAULT;
+
+ /* Catch bogons. */
+- if(CMSG32_ALIGN(ucmlen) <
+- CMSG32_ALIGN(sizeof(struct cmsghdr32)))
+- return -EINVAL;
+- if((unsigned long)(((char *)ucmsg - (char *)kmsg->msg_control)
+- + ucmlen) > kmsg->msg_controllen)
++ if (!CMSG32_OK(ucmlen, ucmsg, kmsg))
+ return -EINVAL;
+
+ tmp = ((ucmlen - CMSG32_ALIGN(sizeof(*ucmsg))) +
+diff -Nru a/arch/s390x/kernel/linux32.c b/arch/s390x/kernel/linux32.c
+--- a/arch/s390x/kernel/linux32.c 2004-12-15 23:32:09 -08:00
++++ b/arch/s390x/kernel/linux32.c 2004-12-15 23:32:09 -08:00
+@@ -2306,6 +2306,11 @@
+ (struct cmsghdr32 *)(ctl) : \
+ (struct cmsghdr32 *)NULL)
+ #define CMSG32_FIRSTHDR(msg) __CMSG32_FIRSTHDR((msg)->msg_control, (msg)->msg_controllen)
++#define CMSG32_OK(ucmlen, ucmsg, mhdr) \
++ ((ucmlen) >= sizeof(struct cmsghdr) && \
++ (ucmlen) <= (unsigned long) \
++ ((mhdr)->msg_controllen - \
++ ((char *)(ucmsg) - (char *)(mhdr)->msg_control)))
+
+ __inline__ struct cmsghdr32 *__cmsg32_nxthdr(void *__ctl, __kernel_size_t __size,
+ struct cmsghdr32 *__cmsg, int __cmsg_len)
+@@ -2432,11 +2437,7 @@
+ return -EFAULT;
+
+ /* Catch bogons. */
+- if(CMSG32_ALIGN(ucmlen) <
+- CMSG32_ALIGN(sizeof(struct cmsghdr32)))
+- return -EINVAL;
+- if((unsigned long)(((char *)ucmsg - (char *)kmsg->msg_control)
+- + ucmlen) > kmsg->msg_controllen)
++ if (!CMSG32_OK(ucmlen, ucmsg, kmsg))
+ return -EINVAL;
+
+ tmp = ((ucmlen - CMSG32_ALIGN(sizeof(*ucmsg))) +
+diff -Nru a/arch/sparc64/kernel/sys_sparc32.c b/arch/sparc64/kernel/sys_sparc32.c
+--- a/arch/sparc64/kernel/sys_sparc32.c 2004-12-15 23:32:09 -08:00
++++ b/arch/sparc64/kernel/sys_sparc32.c 2004-12-15 23:32:09 -08:00
+@@ -2354,6 +2354,11 @@
+ (struct cmsghdr32 *)(ctl) : \
+ (struct cmsghdr32 *)NULL)
+ #define CMSG32_FIRSTHDR(msg) __CMSG32_FIRSTHDR((msg)->msg_control, (msg)->msg_controllen)
++#define CMSG32_OK(ucmlen, ucmsg, mhdr) \
++ ((ucmlen) >= sizeof(struct cmsghdr) && \
++ (ucmlen) <= (unsigned long) \
++ ((mhdr)->msg_controllen - \
++ ((char *)(ucmsg) - (char *)(mhdr)->msg_control)))
+
+ __inline__ struct cmsghdr32 *__cmsg32_nxthdr(void *__ctl, __kernel_size_t __size,
+ struct cmsghdr32 *__cmsg, int __cmsg_len)
+@@ -2480,11 +2485,7 @@
+ return -EFAULT;
+
+ /* Catch bogons. */
+- if(CMSG32_ALIGN(ucmlen) <
+- CMSG32_ALIGN(sizeof(struct cmsghdr32)))
+- return -EINVAL;
+- if((unsigned long)(((char *)ucmsg - (char *)kmsg->msg_control)
+- + ucmlen) > kmsg->msg_controllen)
++ if (!CMSG32_OK(ucmlen, ucmsg, kmsg))
+ return -EINVAL;
+
+ tmp = ((ucmlen - CMSG32_ALIGN(sizeof(*ucmsg))) +
+diff -Nru a/arch/x86_64/ia32/socket32.c b/arch/x86_64/ia32/socket32.c
+--- a/arch/x86_64/ia32/socket32.c 2004-12-15 23:32:09 -08:00
++++ b/arch/x86_64/ia32/socket32.c 2004-12-15 23:32:09 -08:00
+@@ -136,12 +136,9 @@
+ return -EFAULT;
+
+ /* Catch bogons. */
+- if(CMSG32_ALIGN(ucmlen) <
+- CMSG32_ALIGN(sizeof(struct cmsghdr32)))
+- return -EINVAL;
+- if((unsigned long)(((char *)ucmsg - (char *)kmsg->msg_control)
+- + ucmlen) > kmsg->msg_controllen)
++ if (!CMSG32_OK(ucmlen, ucmsg, kmsg))
+ return -EINVAL;
++
+ if (kmsg->msg_controllen > 65536)
+ return -EINVAL;
+
+diff -Nru a/include/asm-x86_64/socket32.h b/include/asm-x86_64/socket32.h
+--- a/include/asm-x86_64/socket32.h 2004-12-15 23:32:09 -08:00
++++ b/include/asm-x86_64/socket32.h 2004-12-15 23:32:09 -08:00
+@@ -45,6 +45,11 @@
+ (struct cmsghdr32 *)(ctl) : \
+ (struct cmsghdr32 *)NULL)
+ #define CMSG32_FIRSTHDR(msg) __CMSG32_FIRSTHDR((msg)->msg_control, (msg)->msg_controllen)
++#define CMSG32_OK(ucmlen, ucmsg, mhdr) \
++ ((ucmlen) >= sizeof(struct cmsghdr) && \
++ (ucmlen) <= (unsigned long) \
++ ((mhdr)->msg_controllen - \
++ ((char *)(ucmsg) - (char *)(mhdr)->msg_control)))
+
+ __inline__ struct cmsghdr32 *__cmsg32_nxthdr(void *__ctl, __kernel_size_t __size,
+ struct cmsghdr32 *__cmsg, int __cmsg_len)
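Review bot: The new `CMSG32_OK` macro takes its lower bound from `sizeof(struct cmsghdr)`, while the checks it replaces in every caller, and the `tmp = ((ucmlen - CMSG32_ALIGN(sizeof(*ucmsg))) + ...` line that follows them, use the 32-bit header, so the first line of each definition should probably read `((ucmlen) >= sizeof(struct cmsghdr32) && \`. Neither struct is defined in the visible lines and the calling functions start and end outside the hunks, but if the native header is larger than the compat one, as its `size_t` length field suggests on these 64-bit ports, the stricter bound stays memory-safe yet rejects short but valid control messages from 32-bit callers with -EINVAL. The same definition is added in all seven places (ia64, mips64, parisc, ppc64, s390x, sparc64 and include/asm-x86_64/socket32.h), so the correction applies to each. On mips64 the undersized-header case previously returned -ENOBUFS and now returns -EINVAL, a userspace-visible change the patch header does not mention. The file is added as 118-cmsg-validation-checks-compat.patch while the changelog entry in this commit names 116-cmsg-validation-checks-compat.patch, which makes the CAN-2004-1016 fix harder to trace in an audit.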
Modified: trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-7
===================================================================
--- trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-7 2004-12-16 07:21:29 UTC (rev 2003)
+++ trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-7 2004-12-16 07:42:28 UTC (rev 2004)
@@ -3,3 +3,4 @@
+ 115_tty_lockup-3.diff
+ 116-cmsg-validation-checks.patch
+ 117-igmp-source-filter-fixes.patch
++ 118-cmsg-validation-checks-compat.patch