[kernel] r16438 - in dists/sid/linux-2.6/debian: . patches/bugfix/all patches/series
Dann Frazier
dannf at alioth.debian.org
Thu Oct 14 06:38:23 UTC 2010
Author: dannf
Date: Thu Oct 14 06:38:14 2010
New Revision: 16438
Log:
rose: Fix signedness issues wrt. digi count (CVE-2010-3310)
Added:
dists/sid/linux-2.6/debian/patches/bugfix/all/rose-fix-signedness-issues-wrt-digi-count.patch
Modified:
dists/sid/linux-2.6/debian/changelog
dists/sid/linux-2.6/debian/patches/series/25
Modified: dists/sid/linux-2.6/debian/changelog
==============================================================================
--- dists/sid/linux-2.6/debian/changelog Thu Oct 14 06:33:37 2010 (r16437)
+++ dists/sid/linux-2.6/debian/changelog Thu Oct 14 06:38:14 2010 (r16438)
@@ -36,6 +36,7 @@
* hvc_console: Fix race between hvc_close and hvc_remove (CVE-2010-2653)
* net sched: fix some kernel memory leaks (CVE-2010-2942)
* niu: Fix kernel buffer overflow for ETHTOOL_GRXCLSRLALL (CVE-2010-3084)
+ * rose: Fix signedness issues wrt. digi count (CVE-2010-3310)
-- dann frazier <dannf at debian.org> Wed, 13 Oct 2010 23:44:55 -0600
Added: dists/sid/linux-2.6/debian/patches/bugfix/all/rose-fix-signedness-issues-wrt-digi-count.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/sid/linux-2.6/debian/patches/bugfix/all/rose-fix-signedness-issues-wrt-digi-count.patch Thu Oct 14 06:38:14 2010 (r16438)
@@ -0,0 +1,35 @@
+commit 9828e6e6e3f19efcb476c567b9999891d051f52f
+Author: David S. Miller <davem at davemloft.net>
+Date: Mon Sep 20 15:40:35 2010 -0700
+
+ rose: Fix signedness issues wrt. digi count.
+
+ Just use explicit casts, since we really can't change the
+ types of structures exported to userspace which have been
+ around for 15 years or so.
+
+ Reported-by: Dan Rosenberg <dan.j.rosenberg at gmail.com>
+ Signed-off-by: David S. Miller <davem at davemloft.net>
+
+diff --git a/net/rose/af_rose.c b/net/rose/af_rose.c
+index 8e45e76..d952e7e 100644
+--- a/net/rose/af_rose.c
++++ b/net/rose/af_rose.c
+@@ -679,7 +679,7 @@ static int rose_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len)
+ if (addr_len == sizeof(struct sockaddr_rose) && addr->srose_ndigis > 1)
+ return -EINVAL;
+
+- if (addr->srose_ndigis > ROSE_MAX_DIGIS)
++ if ((unsigned int) addr->srose_ndigis > ROSE_MAX_DIGIS)
+ return -EINVAL;
+
+ if ((dev = rose_dev_get(&addr->srose_addr)) == NULL) {
+@@ -739,7 +739,7 @@ static int rose_connect(struct socket *sock, struct sockaddr *uaddr, int addr_le
+ if (addr_len == sizeof(struct sockaddr_rose) && addr->srose_ndigis > 1)
+ return -EINVAL;
+
+- if (addr->srose_ndigis > ROSE_MAX_DIGIS)
++ if ((unsigned int) addr->srose_ndigis > ROSE_MAX_DIGIS)
+ return -EINVAL;
+
+ /* Source + Destination digis should not exceed ROSE_MAX_DIGIS */
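Review bot: The `(unsigned int)` casts on `addr->srose_ndigis` in rose_bind() and rose_connect() have no comment beside them, and the commit message says only "signedness issues" without naming the case being closed. As the lines read, a negative count fails the old signed test `addr->srose_ndigis > ROSE_MAX_DIGIS` and so is accepted, while the cast turns it into a large unsigned value that is rejected with -EINVAL. A one-line comment at each site saying that negative counts from userspace must be rejected would keep a later cleanup from dropping the cast as redundant. The context line just above each change, `addr->srose_ndigis > 1`, is still a signed comparison, so a negative count gets past it and is caught only because the cast check follows directly. Since the same two checks appear verbatim in both functions, a small shared helper that validates the digi count once would keep the two sites from drifting apart.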
Modified: dists/sid/linux-2.6/debian/patches/series/25
==============================================================================
--- dists/sid/linux-2.6/debian/patches/series/25 Thu Oct 14 06:33:37 2010 (r16437)
+++ dists/sid/linux-2.6/debian/patches/series/25 Thu Oct 14 06:38:14 2010 (r16438)
@@ -26,3 +26,4 @@
+ bugfix/all/act_nat-use-stack-variable.patch
+ bugfix/all/net-sched-fix-some-memory-leaks.patch
+ bugfix/all/niu-fix-kernel-buffer-overflow-for-ETHTOOL_GRXCLSRLALL.patch
++ bugfix/all/rose-fix-signedness-issues-wrt-digi-count.patch