[kernel] r10539 - in dists/etch-security/linux-2.6/debian: . patches/bugfix patches/series

[Dann Frazier]

Author: dannf
Date: Thu Feb 14 04:22:24 2008
New Revision: 10539

Log:
* bugfix/powerpc-chrp-null-deref.patch
  [SECURITY][powerpc] Fix NULL pointer dereference if get_property
  fails on the subarchitecture
  See CVE-2007-6694

Added:
   dists/etch-security/linux-2.6/debian/patches/bugfix/powerpc-chrp-null-deref.patch
   dists/etch-security/linux-2.6/debian/patches/series/18etch2
Modified:
   dists/etch-security/linux-2.6/debian/changelog

Modified: dists/etch-security/linux-2.6/debian/changelog
==============================================================================
--- dists/etch-security/linux-2.6/debian/changelog	(original)
+++ dists/etch-security/linux-2.6/debian/changelog	Thu Feb 14 04:22:24 2008
@@ -1,3 +1,12 @@
+linux-2.6 (2.6.18.dfsg.1-18etch2) UNRELEASED; urgency=low
+
+  * bugfix/powerpc-chrp-null-deref.patch
+    [SECURITY][powerpc] Fix NULL pointer dereference if get_property
+    fails on the subarchitecture
+    See CVE-2007-6694
+
+ -- dann frazier <dannf at debian.org>  Wed, 13 Feb 2008 21:12:33 -0700
+
 linux-2.6 (2.6.18.dfsg.1-18etch1) stable-security; urgency=high
 
   * bugfix/vmsplice-security.patch

Added: dists/etch-security/linux-2.6/debian/patches/bugfix/powerpc-chrp-null-deref.patch
==============================================================================
--- (empty file)
+++ dists/etch-security/linux-2.6/debian/patches/bugfix/powerpc-chrp-null-deref.patch	Thu Feb 14 04:22:24 2008
@@ -0,0 +1,49 @@
+commit 9ac71d00398674aaec664f30559f0a21d963862f
+Author: Cyrill Gorcunov <gorcunov at gmail.com>
+Date:   Fri Nov 23 16:43:04 2007 +1100
+
+    [POWERPC] CHRP: Fix possible NULL pointer dereference
+    
+    This fixes a possible NULL pointer dereference inside of strncmp() if
+    of_get_property() fails.
+    
+    Signed-off-by: Cyrill Gorcunov <gorcunov at gmail.com>
+    Signed-off-by: Paul Mackerras <paulus at samba.org>
+
+Backported to Debian's 2.6.18 by dann frazier <dannf at debian.org>
+
+diff -urpN linux-source-2.6.18.orig/arch/powerpc/platforms/chrp/setup.c linux-source-2.6.18/arch/powerpc/platforms/chrp/setup.c
+--- linux-source-2.6.18.orig/arch/powerpc/platforms/chrp/setup.c	2006-09-19 21:42:06.000000000 -0600
++++ linux-source-2.6.18/arch/powerpc/platforms/chrp/setup.c	2008-02-13 21:01:52.000000000 -0700
+@@ -105,7 +105,7 @@ void chrp_show_cpuinfo(struct seq_file *
+ 	seq_printf(m, "machine\t\t: CHRP %s\n", model);
+ 
+ 	/* longtrail (goldengate) stuff */
+-	if (!strncmp(model, "IBM,LongTrail", 13)) {
++	if (model && !strncmp(model, "IBM,LongTrail", 13)) {
+ 		/* VLSI VAS96011/12 `Golden Gate 2' */
+ 		/* Memory banks */
+ 		sdramen = (in_le32(gg2_pci_config_base + GG2_PCI_DRAM_CTRL)
+@@ -192,14 +192,20 @@ static void __init sio_fixup_irq(const c
+ static void __init sio_init(void)
+ {
+ 	struct device_node *root;
++	const char *model;
+ 
+-	if ((root = find_path_device("/")) &&
+-	    !strncmp(get_property(root, "model", NULL), "IBM,LongTrail", 13)) {
++	root = find_path_device("/");
++	if (!root)
++		return;
++
++	model = get_property(root, "model", NULL);
++	if (model && !strncmp(model, "IBM,LongTrail", 13)) {
+ 		/* logical device 0 (KBC/Keyboard) */
+ 		sio_fixup_irq("keyboard", 0, 1, 2);
+ 		/* select logical device 1 (KBC/Mouse) */
+ 		sio_fixup_irq("mouse", 1, 12, 2);
+ 	}
++
+ }
+ 
+ 

Added: dists/etch-security/linux-2.6/debian/patches/series/18etch2
==============================================================================
--- (empty file)
+++ dists/etch-security/linux-2.6/debian/patches/series/18etch2	Thu Feb 14 04:22:24 2008
@@ -0,0 +1 @@
++ bugfix/powerpc-chrp-null-deref.patch