[kernel] r9888 - in dists/etch-security/linux-2.6/debian: . patches/bugfix patches/series

Dann Frazier dannf at alioth.debian.org
Tue Dec 4 21:07:44 UTC 2007


Author: dannf
Date: Tue Dec  4 21:07:43 2007
New Revision: 9888

Log:
* bugfix/isdn-net-overflow.patch
  [SECURITY] Fix potential overflows in the ISDN subsystem
  See CVE-2007-6063

Added:
   dists/etch-security/linux-2.6/debian/patches/bugfix/isdn-net-overflow.patch
   dists/etch-security/linux-2.6/debian/patches/series/13etch6
Modified:
   dists/etch-security/linux-2.6/debian/changelog

Modified: dists/etch-security/linux-2.6/debian/changelog
==============================================================================
--- dists/etch-security/linux-2.6/debian/changelog	(original)
+++ dists/etch-security/linux-2.6/debian/changelog	Tue Dec  4 21:07:43 2007
@@ -1,3 +1,11 @@
+linux-2.6 (2.6.18.dfsg.1-13etch6) UNRELEASED; urgency=low
+
+  * bugfix/isdn-net-overflow.patch
+    [SECURITY] Fix potential overflows in the ISDN subsystem
+    See CVE-2007-6063
+
+ -- dann frazier <dannf at debian.org>  Tue, 04 Dec 2007 11:48:54 -0700
+
 linux-2.6 (2.6.18.dfsg.1-13etch5) stable-security; urgency=high
 
   * bugfix/sysfs_readdir-NULL-deref-1.patch,

Added: dists/etch-security/linux-2.6/debian/patches/bugfix/isdn-net-overflow.patch
==============================================================================
--- (empty file)
+++ dists/etch-security/linux-2.6/debian/patches/bugfix/isdn-net-overflow.patch	Tue Dec  4 21:07:43 2007
@@ -0,0 +1,54 @@
+From: Karsten Keil <kkeil at suse.de>
+Date: Thu, 22 Nov 2007 11:43:13 +0000 (+0100)
+Subject: isdn: avoid copying overly-long strings
+X-Git-Tag: v2.6.24-rc4~110
+X-Git-Url: http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Ftorvalds%2Flinux-2.6.git;a=commitdiff_plain;h=0f13864e5b24d9cbe18d125d41bfa4b726a82e40
+
+isdn: avoid copying overly-long strings
+
+Addresses http://bugzilla.kernel.org/show_bug.cgi?id=9416
+
+Signed-off-by: Karsten Keil <kkeil at suse.de>
+Signed-off-by: Andrew Morton <akpm at linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
+---
+
+diff -urpN linux-source-2.6.18.orig/drivers/isdn/i4l/isdn_net.c linux-source-2.6.18/drivers/isdn/i4l/isdn_net.c
+--- linux-source-2.6.18.orig/drivers/isdn/i4l/isdn_net.c	2006-09-19 21:42:06.000000000 -0600
++++ linux-source-2.6.18/drivers/isdn/i4l/isdn_net.c	2007-12-04 09:39:24.000000000 -0700
+@@ -2125,7 +2125,7 @@ isdn_net_find_icall(int di, int ch, int 
+ 	u_long flags;
+ 	isdn_net_dev *p;
+ 	isdn_net_phone *n;
+-	char nr[32];
++	char nr[ISDN_MSNLEN];
+ 	char *my_eaz;
+ 
+ 	/* Search name in netdev-chain */
+@@ -2134,7 +2134,7 @@ isdn_net_find_icall(int di, int ch, int 
+ 		nr[1] = '\0';
+ 		printk(KERN_INFO "isdn_net: Incoming call without OAD, assuming '0'\n");
+ 	} else
+-		strcpy(nr, setup->phone);
++		strlcpy(nr, setup->phone, ISDN_MSNLEN);
+ 	si1 = (int) setup->si1;
+ 	si2 = (int) setup->si2;
+ 	if (!setup->eazmsn[0]) {
+@@ -2803,7 +2803,7 @@ isdn_net_setcfg(isdn_net_ioctl_cfg * cfg
+ 				chidx = -1;
+ 			}
+ 		}
+-		strcpy(lp->msn, cfg->eaz);
++		strlcpy(lp->msn, cfg->eaz, sizeof(lp->msn));
+ 		lp->pre_device = drvidx;
+ 		lp->pre_channel = chidx;
+ 		lp->onhtime = cfg->onhtime;
+@@ -2952,7 +2952,7 @@ isdn_net_addphone(isdn_net_ioctl_phone *
+ 	if (p) {
+ 		if (!(n = (isdn_net_phone *) kmalloc(sizeof(isdn_net_phone), GFP_KERNEL)))
+ 			return -ENOMEM;
+-		strcpy(n->num, phone->phone);
++		strlcpy(n->num, phone->phone, sizeof(n->num));
+ 		n->next = p->local->phone[phone->outgoing & 1];
+ 		p->local->phone[phone->outgoing & 1] = n;
+ 		return 0;
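Review bot: The three strlcpy() calls bound the write but not the read, because strlcpy() returns strlen(src) and so walks `setup->phone`, `cfg->eaz` and `phone->phone` until it finds a NUL; nothing in these hunks shows that the source fields are terminated. If `cfg` and `phone` are filled directly from an ioctl buffer (the callers are outside the hunks, so this needs confirming), an unterminated field would still be read past its end. Terminating the source where it is copied in would close that, as would rejecting it up front, assuming the field is an array, with `if (strnlen(phone->phone, sizeof(phone->phone)) == sizeof(phone->phone)) return -EINVAL;` before the kmalloc() in isdn_net_addphone. The return value is also ignored, so an over-long number is silently truncated and stored instead of being refused, and the first hunk could pass `sizeof(nr)` instead of repeating `ISDN_MSNLEN` to match the other two calls. All three function bodies start and end outside the hunks.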

Added: dists/etch-security/linux-2.6/debian/patches/series/13etch6
==============================================================================
--- (empty file)
+++ dists/etch-security/linux-2.6/debian/patches/series/13etch6	Tue Dec  4 21:07:43 2007
@@ -0,0 +1 @@
++ bugfix/isdn-net-overflow.patch


