[kernel] r9888 - in dists/etch-security/linux-2.6/debian: . patches/bugfix patches/series
Dann Frazier
dannf at alioth.debian.org
Tue Dec 4 21:07:44 UTC 2007
Author: dannf
Date: Tue Dec 4 21:07:43 2007
New Revision: 9888
Log:
* bugfix/isdn-net-overflow.patch
[SECURITY] Fix potential overflows in the ISDN subsystem
See CVE-2007-6063
Added:
dists/etch-security/linux-2.6/debian/patches/bugfix/isdn-net-overflow.patch
dists/etch-security/linux-2.6/debian/patches/series/13etch6
Modified:
dists/etch-security/linux-2.6/debian/changelog
Modified: dists/etch-security/linux-2.6/debian/changelog
==============================================================================
--- dists/etch-security/linux-2.6/debian/changelog (original)
+++ dists/etch-security/linux-2.6/debian/changelog Tue Dec 4 21:07:43 2007
@@ -1,3 +1,11 @@
+linux-2.6 (2.6.18.dfsg.1-13etch6) UNRELEASED; urgency=low
+
+ * bugfix/isdn-net-overflow.patch
+ [SECURITY] Fix potential overflows in the ISDN subsystem
+ See CVE-2007-6063
+
+ -- dann frazier <dannf at debian.org> Tue, 04 Dec 2007 11:48:54 -0700
+
linux-2.6 (2.6.18.dfsg.1-13etch5) stable-security; urgency=high
* bugfix/sysfs_readdir-NULL-deref-1.patch,
Added: dists/etch-security/linux-2.6/debian/patches/bugfix/isdn-net-overflow.patch
==============================================================================
--- (empty file)
+++ dists/etch-security/linux-2.6/debian/patches/bugfix/isdn-net-overflow.patch Tue Dec 4 21:07:43 2007
@@ -0,0 +1,54 @@
+From: Karsten Keil <kkeil at suse.de>
+Date: Thu, 22 Nov 2007 11:43:13 +0000 (+0100)
+Subject: isdn: avoid copying overly-long strings
+X-Git-Tag: v2.6.24-rc4~110
+X-Git-Url: http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Ftorvalds%2Flinux-2.6.git;a=commitdiff_plain;h=0f13864e5b24d9cbe18d125d41bfa4b726a82e40
+
+isdn: avoid copying overly-long strings
+
+Addresses http://bugzilla.kernel.org/show_bug.cgi?id=9416
+
+Signed-off-by: Karsten Keil <kkeil at suse.de>
+Signed-off-by: Andrew Morton <akpm at linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
+---
+
+diff -urpN linux-source-2.6.18.orig/drivers/isdn/i4l/isdn_net.c linux-source-2.6.18/drivers/isdn/i4l/isdn_net.c
+--- linux-source-2.6.18.orig/drivers/isdn/i4l/isdn_net.c 2006-09-19 21:42:06.000000000 -0600
++++ linux-source-2.6.18/drivers/isdn/i4l/isdn_net.c 2007-12-04 09:39:24.000000000 -0700
+@@ -2125,7 +2125,7 @@ isdn_net_find_icall(int di, int ch, int
+ u_long flags;
+ isdn_net_dev *p;
+ isdn_net_phone *n;
+- char nr[32];
++ char nr[ISDN_MSNLEN];
+ char *my_eaz;
+
+ /* Search name in netdev-chain */
+@@ -2134,7 +2134,7 @@ isdn_net_find_icall(int di, int ch, int
+ nr[1] = '\0';
+ printk(KERN_INFO "isdn_net: Incoming call without OAD, assuming '0'\n");
+ } else
+- strcpy(nr, setup->phone);
++ strlcpy(nr, setup->phone, ISDN_MSNLEN);
+ si1 = (int) setup->si1;
+ si2 = (int) setup->si2;
+ if (!setup->eazmsn[0]) {
+@@ -2803,7 +2803,7 @@ isdn_net_setcfg(isdn_net_ioctl_cfg * cfg
+ chidx = -1;
+ }
+ }
+- strcpy(lp->msn, cfg->eaz);
++ strlcpy(lp->msn, cfg->eaz, sizeof(lp->msn));
+ lp->pre_device = drvidx;
+ lp->pre_channel = chidx;
+ lp->onhtime = cfg->onhtime;
+@@ -2952,7 +2952,7 @@ isdn_net_addphone(isdn_net_ioctl_phone *
+ if (p) {
+ if (!(n = (isdn_net_phone *) kmalloc(sizeof(isdn_net_phone), GFP_KERNEL)))
+ return -ENOMEM;
+- strcpy(n->num, phone->phone);
++ strlcpy(n->num, phone->phone, sizeof(n->num));
+ n->next = p->local->phone[phone->outgoing & 1];
+ p->local->phone[phone->outgoing & 1] = n;
+ return 0;
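Review bot: The `strlcpy()` calls in `isdn_net_setcfg` and `isdn_net_addphone` bound the write into `lp->msn` and `n->num`, but strlcpy still runs `strlen()` over the source, and nothing in these hunks shows `cfg->eaz` or `phone->phone` being NUL-terminated first. Both come from ioctl structures (`isdn_net_ioctl_cfg`, `isdn_net_ioctl_phone`), so presumably from user space; the callers, which are outside the hunks, should be checked to force termination before these copies. The copies also truncate silently, and a shortened MSN or phone number is a different number, so rejecting over-long input with `-EINVAL` (freeing `n` first in `isdn_net_addphone`) would be safer than storing it. As a smaller point, `isdn_net_find_icall` passes `ISDN_MSNLEN` where the other two calls use `sizeof`; `strlcpy(nr, setup->phone, sizeof(nr));` keeps the bound tied to the declaration. All three functions start and end outside the hunks shown.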
Added: dists/etch-security/linux-2.6/debian/patches/series/13etch6
==============================================================================
--- (empty file)
+++ dists/etch-security/linux-2.6/debian/patches/series/13etch6 Tue Dec 4 21:07:43 2007
@@ -0,0 +1 @@
++ bugfix/isdn-net-overflow.patch