[kernel] r10563 - in dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian: . patches patches/series

Dann Frazier dannf at alioth.debian.org
Sun Feb 17 18:30:28 UTC 2008


Author: dannf
Date: Sun Feb 17 18:30:27 2008
New Revision: 10563

Log:
* 265_powerpc-chrp-null-deref.diff
  [SECURITY][powerpc] Fix NULL pointer dereference if get_property
  fails on the subarchitecture
  See CVE-2007-6694

Added:
   dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/265_powerpc-chrp-null-deref.diff
Modified:
   dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog
   dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-10sarge6

Modified: dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog
==============================================================================
--- dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog	(original)
+++ dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog	Sun Feb 17 18:30:27 2008
@@ -82,8 +82,12 @@
     [SECURITY] Add VM_DONTEXPAND to vm_flags in drivers that register
     a fault handler but do not bounds check the offset argument
     See CVE-2008-0007
+  * 265_powerpc-chrp-null-deref.diff
+    [SECURITY][powerpc] Fix NULL pointer dereference if get_property
+    fails on the subarchitecture
+    See CVE-2007-6694
 
- -- dann frazier <dannf at debian.org>  Thu, 14 Feb 2008 14:59:56 -0700
+ -- dann frazier <dannf at debian.org>  Thu, 14 Feb 2008 15:12:16 -0700
 
 kernel-source-2.4.27 (2.4.27-10sarge5) stable-security; urgency=high
 

Added: dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/265_powerpc-chrp-null-deref.diff
==============================================================================
--- (empty file)
+++ dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/265_powerpc-chrp-null-deref.diff	Sun Feb 17 18:30:27 2008
@@ -0,0 +1,53 @@
+commit 6a6e6213bcca62326b087df9df6f585ec2c5326a
+Author: dann frazier <dannf at hp.com>
+Date:   Thu Feb 14 15:10:20 2008 -0700
+
+    2.4: [POWERPC] CHRP: Fix possible NULL pointer dereference
+    
+    This is a 2.4 backport of a linux-2.6 change by Cyrill Gorcunov.
+    (commit 9ac71d00398674aaec664f30559f0a21d963862f)
+    
+    CVE-2007-6694 was assigned for this issue.
+    This backport has been compile-tested only.
+    
+    Commit log from 2.6 follows.
+    
+        This fixes a possible NULL pointer dereference inside of strncmp() if
+        of_get_property() fails.
+
+diff --git a/arch/ppc/platforms/chrp_setup.c b/arch/ppc/platforms/chrp_setup.c
+index 0ffbbd2..28747db 100644
+--- a/arch/ppc/platforms/chrp_setup.c
++++ b/arch/ppc/platforms/chrp_setup.c
+@@ -121,7 +121,7 @@ chrp_show_cpuinfo(struct seq_file *m)
+ 	seq_printf(m, "machine\t\t: CHRP %s\n", model);
+ 
+ 	/* longtrail (goldengate) stuff */
+-	if (!strncmp(model, "IBM,LongTrail", 13)) {
++	if (model && !strncmp(model, "IBM,LongTrail", 13)) {
+ 		/* VLSI VAS96011/12 `Golden Gate 2' */
+ 		/* Memory banks */
+ 		sdramen = (in_le32((unsigned *)(gg2_pci_config_base+
+@@ -210,14 +210,20 @@ static void __init sio_fixup_irq(const char *name, u8 device, u8 level,
+ static void __init sio_init(void)
+ {
+ 	struct device_node *root;
++	const char *model;
+ 
+-	if ((root = find_path_device("/")) &&
+-	    !strncmp(get_property(root, "model", NULL), "IBM,LongTrail", 13)) {
++	root = find_path_device("/");
++	if (!root)
++		return;
++
++	model = get_property(root, "model", NULL);
++	if (model && !strncmp(model, "IBM,LongTrail", 13)) {
+ 		/* logical device 0 (KBC/Keyboard) */
+ 		sio_fixup_irq("keyboard", 0, 1, 2);
+ 		/* select logical device 1 (KBC/Mouse) */
+ 		sio_fixup_irq("mouse", 1, 12, 2);
+ 	}
++
+ }
+ 
+ 
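Review bot: In the chrp_show_cpuinfo hunk of the added patch, `model` is still passed to `seq_printf(m, "machine\t\t: CHRP %s\n", model)` on the context line just above the new `model &&` guard, so the failed-lookup case this patch handles reaches a `%s` conversion first. That is harmless only if the kernel's format code substitutes a placeholder for a NULL string, which is not visible here; `seq_printf(m, "machine\t\t: CHRP %s\n", model ? model : "unknown");` would remove that dependency. The assignment of `model` and the rest of the function lie outside the hunk, so this needs checking against the full source, particularly as the commit message says the backport was compile-tested only. Separately, in sio_init `get_property(root, "model", NULL)` discards the property length, so `strncmp(model, "IBM,LongTrail", 13)` assumes the firmware-supplied value is NUL-terminated or at least 13 bytes long; the blank line added before the closing brace can also be dropped.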

Modified: dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-10sarge6
==============================================================================
--- dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-10sarge6	(original)
+++ dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-10sarge6	Sun Feb 17 18:30:27 2008
@@ -24,3 +24,4 @@
 + 262_aacraid-ioctl-perm-check.diff
 + 263_usb-pwc-disconnect-block.diff
 + 264_mmap-VM_DONTEXPAND.diff
++ 265_powerpc-chrp-null-deref.diff


