[kernel] r12589 - people/dannf/2.6.24+CVE-2009-0029/debian/patches/bugfix/all

Dann Frazier dannf at alioth.debian.org
Wed Jan 21 20:05:00 UTC 2009 

Author: dannf
Date: Wed Jan 21 20:04:59 2009
New Revision: 12589

Log:
merge fix from etch-security

Modified:
   people/dannf/2.6.24+CVE-2009-0029/debian/patches/bugfix/all/sctp-avoid-memory-overflow.patch

Modified: people/dannf/2.6.24+CVE-2009-0029/debian/patches/bugfix/all/sctp-avoid-memory-overflow.patch
==============================================================================
--- people/dannf/2.6.24+CVE-2009-0029/debian/patches/bugfix/all/sctp-avoid-memory-overflow.patch	(original)
+++ people/dannf/2.6.24+CVE-2009-0029/debian/patches/bugfix/all/sctp-avoid-memory-overflow.patch	Wed Jan 21 20:04:59 2009
@@ -28,20 +28,19 @@
 Adjusted to apply to Debian's 2.6.24 by dann frazier <dannf at debian.org>
 
 diff -urpN linux-source-2.6.24.orig/net/sctp/sm_statefuns.c linux-source-2.6.24/net/sctp/sm_statefuns.c
---- linux-source-2.6.24.orig/net/sctp/sm_statefuns.c	2008-01-24 15:58:37.000000000 -0700
-+++ linux-source-2.6.24/net/sctp/sm_statefuns.c	2009-01-12 22:57:05.000000000 -0700
-@@ -3629,6 +3629,8 @@ sctp_disposition_t sctp_sf_eat_fwd_tsn_f
+--- linux-source-2.6.24.orig/net/sctp/sm_statefuns.c	2008-12-24 18:58:51.000000000 -0700
++++ linux-source-2.6.24/net/sctp/sm_statefuns.c	2009-01-21 13:01:02.000000000 -0700
+@@ -3569,6 +3569,7 @@ sctp_disposition_t sctp_sf_eat_fwd_tsn(c
  {
  	struct sctp_chunk *chunk = arg;
  	struct sctp_fwdtsn_hdr *fwdtsn_hdr;
 +	struct sctp_fwdtsn_skip *skip;
-+	struct sctp_fwdtsn_skip *skip;
  	__u16 len;
  	__u32 tsn;
  
-@@ -3658,6 +3660,18 @@ sctp_disposition_t sctp_sf_eat_fwd_tsn_f
+@@ -3598,6 +3599,12 @@ sctp_disposition_t sctp_sf_eat_fwd_tsn(c
  	if (sctp_tsnmap_check(&asoc->peer.tsn_map, tsn) < 0)
- 		goto gen_shutdown;
+ 		goto discard_noforce;
  
 +	/* Silently discard the chunk if stream-id is not valid */
 +	sctp_walk_fwdtsn(skip, chunk) {
@@ -49,6 +48,21 @@
 +			goto discard_noforce;
 +	}
 +
+ 	sctp_add_cmd_sf(commands, SCTP_CMD_REPORT_FWDTSN, SCTP_U32(tsn));
+ 	if (len > sizeof(struct sctp_fwdtsn_hdr))
+ 		sctp_add_cmd_sf(commands, SCTP_CMD_PROCESS_FWDTSN,
+@@ -3629,6 +3636,7 @@ sctp_disposition_t sctp_sf_eat_fwd_tsn_f
+ {
+ 	struct sctp_chunk *chunk = arg;
+ 	struct sctp_fwdtsn_hdr *fwdtsn_hdr;
++	struct sctp_fwdtsn_skip *skip;
+ 	__u16 len;
+ 	__u32 tsn;
+ 
+@@ -3658,6 +3666,12 @@ sctp_disposition_t sctp_sf_eat_fwd_tsn_f
+ 	if (sctp_tsnmap_check(&asoc->peer.tsn_map, tsn) < 0)
+ 		goto gen_shutdown;
+ 
 +	/* Silently discard the chunk if stream-id is not valid */
 +	sctp_walk_fwdtsn(skip, chunk) {
 +		if (ntohs(skip->stream) >= asoc->c.sinit_max_instreams)

More information about the Kernel-svn-changes mailing list