[kernel] r14678 - in dists/lenny/linux-2.6/debian: . patches/bugfix/all patches/series
Dann Frazier
dannf at alioth.debian.org
Wed Nov 25 19:27:38 UTC 2009
Author: dannf
Date: Wed Nov 25 19:27:36 2009
New Revision: 14678
Log:
isdn: hfc_usb: Fix read buffer overflow (CVE-2009-4005)
Added:
dists/lenny/linux-2.6/debian/patches/bugfix/all/isdn-hfc_usb-fix-read-buffer-overflow.patch
Modified:
dists/lenny/linux-2.6/debian/changelog
dists/lenny/linux-2.6/debian/patches/series/21
Modified: dists/lenny/linux-2.6/debian/changelog
==============================================================================
--- dists/lenny/linux-2.6/debian/changelog Wed Nov 25 05:21:43 2009 (r14677)
+++ dists/lenny/linux-2.6/debian/changelog Wed Nov 25 19:27:36 2009 (r14678)
@@ -24,6 +24,7 @@
(CVE-2009-3726)
* [SCSI] megaraid_sas: remove sysfs dbg_lvl world writeable permissions
(CVE-2009-3889)
+ * isdn: hfc_usb: Fix read buffer overflow (CVE-2009-4005)
-- Ben Hutchings <ben at decadent.org.uk> Sat, 24 Oct 2009 23:45:45 +0100
Added: dists/lenny/linux-2.6/debian/patches/bugfix/all/isdn-hfc_usb-fix-read-buffer-overflow.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/lenny/linux-2.6/debian/patches/bugfix/all/isdn-hfc_usb-fix-read-buffer-overflow.patch Wed Nov 25 19:27:36 2009 (r14678)
@@ -0,0 +1,28 @@
+commit 286e633ef0ff5bb63c07b4516665da8004966fec
+Author: Roel Kluin <roel.kluin at gmail.com>
+Date: Wed Nov 4 08:31:59 2009 -0800
+
+ isdn: hfc_usb: Fix read buffer overflow
+
+ Check whether index is within bounds before testing the element.
+
+ Signed-off-by: Roel Kluin <roel.kluin at gmail.com>
+ Cc: Karsten Keil <isdn at linux-pingi.de>
+ Signed-off-by: Andrew Morton <akpm at linux-foundation.org>
+ Signed-off-by: David S. Miller <davem at davemloft.net>
+
+diff --git a/drivers/isdn/hisax/hfc_usb.c b/drivers/isdn/hisax/hfc_usb.c
+index 9de5420..a420b64 100644
+--- a/drivers/isdn/hisax/hfc_usb.c
++++ b/drivers/isdn/hisax/hfc_usb.c
+@@ -817,8 +817,8 @@ collect_rx_frame(usb_fifo * fifo, __u8 * data, int len, int finish)
+ }
+ /* we have a complete hdlc packet */
+ if (finish) {
+- if ((!fifo->skbuff->data[fifo->skbuff->len - 1])
+- && (fifo->skbuff->len > 3)) {
++ if (fifo->skbuff->len > 3 &&
++ !fifo->skbuff->data[fifo->skbuff->len - 1]) {
+
+ if (fifon == HFCUSB_D_RX) {
+ DBG(HFCUSB_DBG_DCHANNEL,
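Review bot: the safety of the new condition in collect_rx_frame() rests entirely on the operand order of `&&` at `if (fifo->skbuff->len > 3 &&`, and nothing in the code says so; a one-line comment above the test stating that the length check must precede the `data[fifo->skbuff->len - 1]` read would keep a later cleanup from swapping the operands back. The commit message could also name the case it guards against: with the old order the last-byte test was evaluated before `fifo->skbuff->len > 3`, so a length of 0 made `len - 1` an out-of-range index. "Check whether index is within bounds" does not tell a backporter which length to test with.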
Modified: dists/lenny/linux-2.6/debian/patches/series/21
==============================================================================
--- dists/lenny/linux-2.6/debian/patches/series/21 Wed Nov 25 05:21:43 2009 (r14677)
+++ dists/lenny/linux-2.6/debian/patches/series/21 Wed Nov 25 19:27:36 2009 (r14678)
@@ -31,3 +31,4 @@
+ bugfix/all/gdth-prevent-negative-offsets-in-ioctl.patch
+ bugfix/all/nfsv4-buggy-server-oops.patch
+ bugfix/all/megaraid_sas-fix-sysfs-dbg_lvl-permissions.patch
++ bugfix/all/isdn-hfc_usb-fix-read-buffer-overflow.patch