[kernel] r7935 - in dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian: . patches patches/series

Dann Frazier dannf at alioth.debian.org
Tue Dec 5 09:13:26 UTC 2006 

Author: dannf
Date: Tue Dec  5 10:13:26 2006
New Revision: 7935

Added:
   dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/bridge-get_fdb_entries-overflow.dpatch
Modified:
   dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
   dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge6
Log:
* bridge-get_fdb_entries-overflow.dpatch
  Protect against possible overflow in get_fdb_entries
  See CVE-2006-5751

Modified: dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
==============================================================================
--- dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog	(original)
+++ dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog	Tue Dec  5 10:13:26 2006
@@ -33,8 +33,11 @@
     Honor uid, gid and mode mount options for smbfs even when unix extensions
     are enabled
     See CVE-2006-5871
+  * bridge-get_fdb_entries-overflow.dpatch
+    Protect against possible overflow in get_fdb_entries
+    See CVE-2006-5751
 
- -- dann frazier <dannf at debian.org>  Sun,  3 Dec 2006 16:14:55 -0700
+ -- dann frazier <dannf at debian.org>  Mon,  4 Dec 2006 19:11:05 -0700
 
 kernel-source-2.6.8 (2.6.8-16sarge5) stable-security; urgency=high
 

Added: dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/bridge-get_fdb_entries-overflow.dpatch
==============================================================================
--- (empty file)
+++ dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/bridge-get_fdb_entries-overflow.dpatch	Tue Dec  5 10:13:26 2006
@@ -0,0 +1,36 @@
+From: Chris Wright <chrisw at sous-sol.org>
+Date: Mon, 20 Nov 2006 23:02:49 +0000 (-0800)
+Subject: [PATCH] bridge: fix possible overflow in get_fdb_entries
+X-Git-Tag: v2.6.19
+X-Git-Url: http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=ba8379b220509e9448c00a77cf6c15ac2a559cc7
+
+[PATCH] bridge: fix possible overflow in get_fdb_entries
+
+Make sure to properly clamp maxnum to avoid overflow
+
+Signed-off-by: Chris Wright <chrisw at sous-sol.org>
+Acked-by: Eugene Teo <eteo at redhat.com>
+Acked-by: Marcel Holtmann <marcel at holtmann.org>
+Signed-off-by: Linus Torvalds <torvalds at osdl.org>
+---
+
+--- a/net/bridge/br_ioctl.c
++++ b/net/bridge/br_ioctl.c
+@@ -58,12 +58,13 @@ static int get_fdb_entries(struct net_br
+ {
+ 	int num;
+ 	void *buf;
+-	size_t size = maxnum * sizeof(struct __fdb_entry);
++	size_t size;
+ 
+-	if (size > PAGE_SIZE) {
+-		size = PAGE_SIZE;
++	/* Clamp size to PAGE_SIZE, test maxnum to avoid overflow */
++	if (maxnum > PAGE_SIZE/sizeof(struct __fdb_entry))
+ 		maxnum = PAGE_SIZE/sizeof(struct __fdb_entry);
+-	}
++
++	size = maxnum * sizeof(struct __fdb_entry);
+ 
+ 	buf = kmalloc(size, GFP_USER);
+ 	if (!buf)

Modified: dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge6
==============================================================================
--- dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge6	(original)
+++ dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge6	Tue Dec  5 10:13:26 2006
@@ -6,3 +6,4 @@
 + ppc-alignment-exception-table-check.dpatch
 + s390-uaccess-memleak.dpatch
 + smbfs-honor-mount-opts.dpatch
++ bridge-get_fdb_entries-overflow.dpatch

More information about the Kernel-svn-changes mailing list