[kernel] r12141 - in dists/etch-security/linux-2.6/debian: . patches/bugfix patches/series

Dann Frazier dannf at alioth.debian.org
Tue Aug 26 22:27:47 UTC 2008


Author: dannf
Date: Tue Aug 26 22:27:47 2008
New Revision: 12141

Log:
bugfix/dccp-change-l-r-must-have-at-least-one-byte-in-the-dccpsf_val-field.patch
Fix integer overflow in dccp_setsockopt_change()
See CVE-2008-3276

Added:
   dists/etch-security/linux-2.6/debian/patches/bugfix/dccp-change-l-r-must-have-at-least-one-byte-in-the-dccpsf_val-field.patch
   dists/etch-security/linux-2.6/debian/patches/series/22etch3
Modified:
   dists/etch-security/linux-2.6/debian/changelog

Modified: dists/etch-security/linux-2.6/debian/changelog
==============================================================================
--- dists/etch-security/linux-2.6/debian/changelog	(original)
+++ dists/etch-security/linux-2.6/debian/changelog	Tue Aug 26 22:27:47 2008
@@ -1,3 +1,11 @@
+linux-2.6 (2.6.18.dfsg.1-22etch3) UNRELEASED; urgency=high
+
+  * bugfix/dccp-change-l-r-must-have-at-least-one-byte-in-the-dccpsf_val-field.patch
+    Fix integer overflow in dccp_setsockopt_change()
+    See CVE-2008-3276
+
+ -- dann frazier <dannf at debian.org>  Tue, 26 Aug 2008 16:21:22 -0600
+
 linux-2.6 (2.6.18.dfsg.1-22etch2) stable-security; urgency=high
 
   * bugfix/x86-wrong-register-was-used-in-align-macro.patch
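Review bot: the new 22etch3 entry describes the change only as "Fix integer overflow in dccp_setsockopt_change()", which does not tell a reader of the changelog what the patch actually enforces. The patch name and the proto.c hunk show it rejects a Change L/R request whose dccpsf_len is below 1 with -EINVAL; a short mention of that alongside the CVE-2008-3276 reference would make the entry auditable without opening the patch.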

Added: dists/etch-security/linux-2.6/debian/patches/bugfix/dccp-change-l-r-must-have-at-least-one-byte-in-the-dccpsf_val-field.patch
==============================================================================
--- (empty file)
+++ dists/etch-security/linux-2.6/debian/patches/bugfix/dccp-change-l-r-must-have-at-least-one-byte-in-the-dccpsf_val-field.patch	Tue Aug 26 22:27:47 2008
@@ -0,0 +1,30 @@
+commit 3e8a0a559c66ee9e7468195691a56fefc3589740
+Author: Arnaldo Carvalho de Melo <acme at redhat.com>
+Date:   Wed Aug 13 13:48:39 2008 -0700
+
+    dccp: change L/R must have at least one byte in the dccpsf_val field
+    
+    Thanks to Eugene Teo for reporting this problem.
+    
+    Signed-off-by: Eugene Teo <eugenete at kernel.sg>
+    Signed-off-by: Arnaldo Carvalho de Melo <acme at redhat.com>
+    Signed-off-by: Gerrit Renker <gerrit at erg.abdn.ac.uk>
+    Signed-off-by: David S. Miller <davem at davemloft.net>
+
+Adjusted to apply to Debian's 2.6.18 by dann frazier <dannf at hp.com>
+
+diff -urpN linux-source-2.6.18.orig/net/dccp/proto.c linux-source-2.6.18/net/dccp/proto.c
+--- linux-source-2.6.18.orig/net/dccp/proto.c	2006-09-19 21:42:06.000000000 -0600
++++ linux-source-2.6.18/net/dccp/proto.c	2008-08-26 16:09:52.000000000 -0600
+@@ -431,6 +431,11 @@ static int dccp_setsockopt_change(struct
+ 
+ 	if (copy_from_user(&opt, optval, sizeof(opt)))
+ 		return -EFAULT;
++	/*
++	 * rfc4340: 6.1. Change Options
++	 */
++	if (opt.dccpsf_len < 1)
++		return -EINVAL;
+ 
+ 	val = kmalloc(opt.dccpsf_len, GFP_KERNEL);
+ 	if (!val)
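Review bot: the added check in dccp_setsockopt_change() bounds opt.dccpsf_len only from below, so the length copied in from userspace by copy_from_user() still reaches kmalloc(opt.dccpsf_len, GFP_KERNEL) with no upper limit visible in this hunk. If nothing further down the function caps it, consider rejecting lengths larger than a DCCP feature option can carry in the same test. The comment "rfc4340: 6.1. Change Options" cites the section but does not say why a zero length is unsafe here; one line naming the later code that assumes at least one byte in dccpsf_val would help, since the commit message carries no description of the failure and the log calls it an integer overflow that the hunk does not show.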

Added: dists/etch-security/linux-2.6/debian/patches/series/22etch3
==============================================================================
--- (empty file)
+++ dists/etch-security/linux-2.6/debian/patches/series/22etch3	Tue Aug 26 22:27:47 2008
@@ -0,0 +1 @@
++ bugfix/dccp-change-l-r-must-have-at-least-one-byte-in-the-dccpsf_val-field.patch


