[kernel] r16438 - in dists/sid/linux-2.6/debian: . patches/bugfix/all patches/series

Dann Frazier dannf at alioth.debian.org
Thu Oct 14 06:38:23 UTC 2010


Author: dannf
Date: Thu Oct 14 06:38:14 2010
New Revision: 16438

Log:
rose: Fix signedness issues wrt. digi count (CVE-2010-3310)

Added:
   dists/sid/linux-2.6/debian/patches/bugfix/all/rose-fix-signedness-issues-wrt-digi-count.patch
Modified:
   dists/sid/linux-2.6/debian/changelog
   dists/sid/linux-2.6/debian/patches/series/25

Modified: dists/sid/linux-2.6/debian/changelog
==============================================================================
--- dists/sid/linux-2.6/debian/changelog	Thu Oct 14 06:33:37 2010	(r16437)
+++ dists/sid/linux-2.6/debian/changelog	Thu Oct 14 06:38:14 2010	(r16438)
@@ -36,6 +36,7 @@
   * hvc_console: Fix race between hvc_close and hvc_remove (CVE-2010-2653)
   * net sched: fix some kernel memory leaks (CVE-2010-2942)
   * niu: Fix kernel buffer overflow for ETHTOOL_GRXCLSRLALL (CVE-2010-3084)
+  * rose: Fix signedness issues wrt. digi count (CVE-2010-3310)
 
  -- dann frazier <dannf at debian.org>  Wed, 13 Oct 2010 23:44:55 -0600
 

Added: dists/sid/linux-2.6/debian/patches/bugfix/all/rose-fix-signedness-issues-wrt-digi-count.patch
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ dists/sid/linux-2.6/debian/patches/bugfix/all/rose-fix-signedness-issues-wrt-digi-count.patch	Thu Oct 14 06:38:14 2010	(r16438)
@@ -0,0 +1,35 @@
+commit 9828e6e6e3f19efcb476c567b9999891d051f52f
+Author: David S. Miller <davem at davemloft.net>
+Date:   Mon Sep 20 15:40:35 2010 -0700
+
+    rose: Fix signedness issues wrt. digi count.
+    
+    Just use explicit casts, since we really can't change the
+    types of structures exported to userspace which have been
+    around for 15 years or so.
+    
+    Reported-by: Dan Rosenberg <dan.j.rosenberg at gmail.com>
+    Signed-off-by: David S. Miller <davem at davemloft.net>
+
+diff --git a/net/rose/af_rose.c b/net/rose/af_rose.c
+index 8e45e76..d952e7e 100644
+--- a/net/rose/af_rose.c
++++ b/net/rose/af_rose.c
+@@ -679,7 +679,7 @@ static int rose_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len)
+ 	if (addr_len == sizeof(struct sockaddr_rose) && addr->srose_ndigis > 1)
+ 		return -EINVAL;
+ 
+-	if (addr->srose_ndigis > ROSE_MAX_DIGIS)
++	if ((unsigned int) addr->srose_ndigis > ROSE_MAX_DIGIS)
+ 		return -EINVAL;
+ 
+ 	if ((dev = rose_dev_get(&addr->srose_addr)) == NULL) {
+@@ -739,7 +739,7 @@ static int rose_connect(struct socket *sock, struct sockaddr *uaddr, int addr_le
+ 	if (addr_len == sizeof(struct sockaddr_rose) && addr->srose_ndigis > 1)
+ 		return -EINVAL;
+ 
+-	if (addr->srose_ndigis > ROSE_MAX_DIGIS)
++	if ((unsigned int) addr->srose_ndigis > ROSE_MAX_DIGIS)
+ 		return -EINVAL;
+ 
+ 	/* Source + Destination digis should not exceed ROSE_MAX_DIGIS */
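Review bot: The cast added in rose_bind and rose_connect carries no comment explaining why it is needed, and the context line just above each one, `addr_len == sizeof(struct sockaddr_rose) && addr->srose_ndigis > 1`, still compares the count as a signed value, so a negative srose_ndigis passes that test and is rejected only by the cast line that follows. The commit message says the userspace-exported structure type cannot change, so a short comment at each cast, stating that a negative count must be treated as out of range, would keep a later cleanup from dropping the cast as redundant. Alternatively, an explicit `addr->srose_ndigis < 0 ||` in front of the existing comparison expresses the same intent without relying on integer conversion. The patch touches only these two functions, so it is also worth confirming that no other reader of srose_ndigis in af_rose.c needs the same treatment.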

Modified: dists/sid/linux-2.6/debian/patches/series/25
==============================================================================
--- dists/sid/linux-2.6/debian/patches/series/25	Thu Oct 14 06:33:37 2010	(r16437)
+++ dists/sid/linux-2.6/debian/patches/series/25	Thu Oct 14 06:38:14 2010	(r16438)
@@ -26,3 +26,4 @@
 + bugfix/all/act_nat-use-stack-variable.patch
 + bugfix/all/net-sched-fix-some-memory-leaks.patch
 + bugfix/all/niu-fix-kernel-buffer-overflow-for-ETHTOOL_GRXCLSRLALL.patch
++ bugfix/all/rose-fix-signedness-issues-wrt-digi-count.patch


