r2508 - in trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian: . patches patches/series

Joshua Kwan joshk@costa.debian.org
Thu, 17 Feb 2005 20:30:13 +0100 

Author: joshk
Date: 2005-02-17 20:30:12 +0100 (Thu, 17 Feb 2005)
New Revision: 2508

Added:
   trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/135_fix_ip_options_leak.diff
Modified:
   trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog
   trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-9
Log:
[CAN-2004-1335] fix leak of IP options data

Modified: trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog
===================================================================
--- trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog	2005-02-17 19:15:44 UTC (rev 2507)
+++ trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog	2005-02-17 19:30:12 UTC (rev 2508)
@@ -8,11 +8,14 @@
 
   * Updated apply script so it can handle point versions
     (Simon Horman)
-  
+
   * 134_skb_reset_ip_summed.diff: resolve checksumming exploit in
     fragmented packet forwarding (Joshua Kwan)
+  
+  * 135_fix_ip_options_leak.diff: [CAN-2004-1335] fix leak of IP options
+    data. 
 
- -- Joshua Kwan <joshk@triplehelix.org>  Wed, 16 Feb 2005 16:06:48 -0800
+ -- Joshua Kwan <joshk@triplehelix.org>  Thu, 17 Feb 2005 11:29:09 -0800
 
 kernel-source-2.4.27 (2.4.27-8) unstable; urgency=high
 

Added: trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/135_fix_ip_options_leak.diff
===================================================================
--- trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/135_fix_ip_options_leak.diff	2005-02-17 19:15:44 UTC (rev 2507)
+++ trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/135_fix_ip_options_leak.diff	2005-02-17 19:30:12 UTC (rev 2508)
@@ -0,0 +1,35 @@
+# origin: bk
+# key: 41b766beodCDEFPbjDRLoUUUxw4Z6w (linux-2.4)
+# description: Do not leak IP options.
+# inclusion: backport from 2.4.29
+# revision date: 2005-02-17
+
+# This is a BitKeeper generated diff -Nru style patch.
+#
+# ChangeSet
+#   2004/12/08 12:40:30-08:00 davem@nuts.davemloft.net 
+#   [IPV4]: Do not leak IP options.
+#   
+#   If the user makes ip_cmsg_send call ip_options_get
+#   multiple times, we leak kmalloced IP options data.
+#   
+#   Noticed by Georgi Guninski.
+#   
+#   Signed-off-by: David S. Miller <davem@davemloft.net>
+# 
+# net/ipv4/ip_options.c
+#   2004/12/08 12:40:12-08:00 davem@nuts.davemloft.net +2 -0
+#   [IPV4]: Do not leak IP options.
+# 
+diff -Nru a/net/ipv4/ip_options.c b/net/ipv4/ip_options.c
+--- a/net/ipv4/ip_options.c	2005-02-17 11:29:02 -08:00
++++ b/net/ipv4/ip_options.c	2005-02-17 11:29:02 -08:00
+@@ -514,6 +514,8 @@
+ 		kfree(opt);
+ 		return -EINVAL;
+ 	}
++	if (*optp)
++		kfree(*optp);
+ 	*optp = opt;
+ 	return 0;
+ }

Modified: trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-9
===================================================================
--- trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-9	2005-02-17 19:15:44 UTC (rev 2507)
+++ trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-9	2005-02-17 19:30:12 UTC (rev 2508)
@@ -1 +1,2 @@
 + 134_skb_reset_ip_summed.diff
++ 135_fix_ip_options_leak.diff