r2847 - in trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches: . series

Simon Horman horms@costa.debian.org
Tue, 29 Mar 2005 08:22:54 +0000


Author: horms
Date: 2005-03-29 08:22:53 +0000 (Tue, 29 Mar 2005)
New Revision: 2847

Added:
   trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/155_bluetooth_signdness-fix.diff
   trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-10
Log:
[Security] Fix signedness problem at socket creation in bluetooth
which can lead to local root exploit. See CAN-2005-0750

Added: trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/155_bluetooth_signdness-fix.diff
===================================================================
--- trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/155_bluetooth_signdness-fix.diff	2005-03-29 03:36:24 UTC (rev 2846)
+++ trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/155_bluetooth_signdness-fix.diff	2005-03-29 08:22:53 UTC (rev 2847)
@@ -0,0 +1,63 @@
+# origin: marcel (BitKeeper)
+# cset: 1.1480 (2.4) key=4244717faf_jG6n164uKBvLcVKTAtw
+# URL: http://linux.bkbits.net:8080/linux-2.4/cset@4244717faf_jG6n164uKBvLcVKTAtw
+# inclusion: upstream
+# descrition: [PATCH] CAN-2005-0750: Fix af_bluetooth range checking bug, discovered by Ilja van Sprundel <ilja@suresec.org>
+# revision date: Tue, 29 Mar 2005 17:17:40 +0900
+#
+# S rset: ChangeSet|1.1479..1.1480
+# I rset: net/bluetooth/af_bluetooth.c|1.11..1.12
+#
+# Key:
+# S: Skipped  ChangeSet file only
+# O: Original Followed by Updated
+# U: Updated  Included with updated range of versions
+# I: Included Included verbatim
+# E: Excluded Excluded on request from user
+# D: Deleted  Manually deleted by subsequent user edit
+# R: Revised  Manually revised by subsequent user edit
+#
+#
+# This is a BitKeeper generated diff -Nru style patch.
+#
+# ChangeSet
+#   2005/03/25 17:15:59-03:00 marcel@holtmann.org 
+#   [PATCH] CAN-2005-0750: Fix af_bluetooth range checking bug, discovered by Ilja van Sprundel <ilja@suresec.org>
+#   
+#   Fix range checking
+# 
+# net/bluetooth/af_bluetooth.c
+#   2005/03/25 17:13:58-03:00 marcel@holtmann.org +3 -3
+#   CAN-2005-0750: Fix af_bluetooth range checking bug, discovered by Ilja van Sprundel <ilja@suresec.org>
+# 
+#
+===== net/bluetooth/af_bluetooth.c 1.11 vs 1.12 =====
+--- 1.11/net/bluetooth/af_bluetooth.c	2004-06-20 20:54:02 +09:00
++++ 1.12/net/bluetooth/af_bluetooth.c	2005-03-26 05:13:58 +09:00
+@@ -62,7 +62,7 @@ static struct net_proto_family *bluez_pr
+ 
+ int bluez_sock_register(int proto, struct net_proto_family *ops)
+ {
+-	if (proto >= BLUEZ_MAX_PROTO)
++	if (proto < 0 || proto >= BLUEZ_MAX_PROTO)
+ 		return -EINVAL;
+ 
+ 	if (bluez_proto[proto])
+@@ -74,7 +74,7 @@ int bluez_sock_register(int proto, struc
+ 
+ int bluez_sock_unregister(int proto)
+ {
+-	if (proto >= BLUEZ_MAX_PROTO)
++	if (proto < 0 || proto >= BLUEZ_MAX_PROTO)
+ 		return -EINVAL;
+ 
+ 	if (!bluez_proto[proto])
+@@ -86,7 +86,7 @@ int bluez_sock_unregister(int proto)
+ 
+ static int bluez_sock_create(struct socket *sock, int proto)
+ {
+-	if (proto >= BLUEZ_MAX_PROTO)
++	if (proto < 0 || proto >= BLUEZ_MAX_PROTO)
+ 		return -EINVAL;
+ 
+ #if defined(CONFIG_KMOD)
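
Review bot: in the three inner hunks (bluez_sock_register, bluez_sock_unregister, bluez_sock_create) `proto` stays a signed `int` and each comparison is patched separately, so the same `proto < 0 || proto >= BLUEZ_MAX_PROTO` test is now repeated three times ahead of the `bluez_proto[proto]` lookups. With the old `proto >= BLUEZ_MAX_PROTO` test alone, a negative `proto` was not rejected and went on to index the table, so the added lower bound is the right fix. Because the header marks the patch as `inclusion: upstream`, importing it verbatim is reasonable, but only these three functions are visible here. Please confirm that no other code in af_bluetooth.c indexes `bluez_proto[]` with an unchecked `proto`. Minor: the header field is spelled `descrition`.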

Added: trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-10
===================================================================
--- trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-10	2005-03-29 03:36:24 UTC (rev 2846)
+++ trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-10	2005-03-29 08:22:53 UTC (rev 2847)
@@ -0,0 +1 @@
++ 155_bluetooth_signdness-fix.diff
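
Review bot: the series entry `155_bluetooth_signdness-fix.diff` carries the "signdness" misspelling from the patch filename. It matches the file added in this revision, so the series resolves, but if the patch is ever renamed to "signedness" this line has to change in the same commit. The file list for this revision also shows only the two files under debian/patches, so please confirm that a changelog entry for 2.4.27-10 mentioning CAN-2005-0750 is committed alongside the [Security] log line.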