[kernel] r16482 - in dists/lenny-security/linux-2.6/debian: . patches/bugfix/all patches/series

Dann Frazier dannf at alioth.debian.org
Mon Oct 25 02:20:51 UTC 2010


Author: dannf
Date: Mon Oct 25 02:20:47 2010
New Revision: 16482

Log:
rose: Fix signedness issues wrt. digi count (CVE-2010-3310)

Added:
   dists/lenny-security/linux-2.6/debian/patches/bugfix/all/rose-fix-signedness-issues-wrt-digi-count.patch
Modified:
   dists/lenny-security/linux-2.6/debian/changelog
   dists/lenny-security/linux-2.6/debian/patches/series/25lenny2

Modified: dists/lenny-security/linux-2.6/debian/changelog
==============================================================================
--- dists/lenny-security/linux-2.6/debian/changelog	Mon Oct 25 02:20:32 2010	(r16481)
+++ dists/lenny-security/linux-2.6/debian/changelog	Mon Oct 25 02:20:47 2010	(r16482)
@@ -4,6 +4,7 @@
   * aio: check for multiplication overflow in do_io_submit (CVE-2010-3067)
   * cxgb3: prevent reading uninitialized stack memory (CVE-2010-3296)
   * eql: prevent reading uninitialized stack memory (CVE-2010-3297)
+  * rose: Fix signedness issues wrt. digi count (CVE-2010-3310)
 
  -- dann frazier <dannf at debian.org>  Thu, 30 Sep 2010 21:42:24 -0600
 

Added: dists/lenny-security/linux-2.6/debian/patches/bugfix/all/rose-fix-signedness-issues-wrt-digi-count.patch
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ dists/lenny-security/linux-2.6/debian/patches/bugfix/all/rose-fix-signedness-issues-wrt-digi-count.patch	Mon Oct 25 02:20:47 2010	(r16482)
@@ -0,0 +1,35 @@
+commit fb582545098ca3312abc342cd381ddf5e68e332b
+Author: David S. Miller <davem at davemloft.net>
+Date:   Mon Sep 20 15:40:35 2010 -0700
+
+    rose: Fix signedness issues wrt. digi count.
+    
+    Just use explicit casts, since we really can't change the
+    types of structures exported to userspace which have been
+    around for 15 years or so.
+    
+    Reported-by: Dan Rosenberg <dan.j.rosenberg at gmail.com>
+    Signed-off-by: David S. Miller <davem at davemloft.net>
+
+diff --git a/net/rose/af_rose.c b/net/rose/af_rose.c
+index 47baa05..3ec3394 100644
+--- a/net/rose/af_rose.c
++++ b/net/rose/af_rose.c
+@@ -668,7 +668,7 @@ static int rose_bind(struct socket *sock, struct sockaddr *uaddr, int addr_len)
+ 	if (addr_len == sizeof(struct sockaddr_rose) && addr->srose_ndigis > 1)
+ 		return -EINVAL;
+ 
+-	if (addr->srose_ndigis > ROSE_MAX_DIGIS)
++	if ((unsigned int) addr->srose_ndigis > ROSE_MAX_DIGIS)
+ 		return -EINVAL;
+ 
+ 	if ((dev = rose_dev_get(&addr->srose_addr)) == NULL) {
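Review bot: the cast on the `+` line in rose_bind rejects negative counts only implicitly, by relying on a negative value converting to a large unsigned one, and nothing in the code says so. A one-line comment, or an explicit `addr->srose_ndigis < 0 ||` in front of the bound check, would keep a later cleanup from dropping the cast as redundant. The unchanged context check `addr->srose_ndigis > 1` just above is still a signed comparison, so when addr_len equals sizeof(struct sockaddr_rose) a negative count passes it and is caught only by this line.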
+@@ -728,7 +728,7 @@ static int rose_connect(struct socket *sock, struct sockaddr *uaddr, int addr_le
+ 	if (addr_len == sizeof(struct sockaddr_rose) && addr->srose_ndigis > 1)
+ 		return -EINVAL;
+ 
+-	if (addr->srose_ndigis > ROSE_MAX_DIGIS)
++	if ((unsigned int) addr->srose_ndigis > ROSE_MAX_DIGIS)
+ 		return -EINVAL;
+ 
+ 	/* Source + Destination digis should not exceed ROSE_MAX_DIGIS */
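Review bot: the cast in rose_connect is a verbatim repeat of the one in rose_bind, so the digi count validation now lives in two places that have to stay in sync; a small shared helper called from both functions would keep one copy from drifting. The trailing context comment `/* Source + Destination digis should not exceed ROSE_MAX_DIGIS */` indicates a sum is checked next, outside this hunk, and it is worth confirming in the same review that the sum only ever sees counts already bounded by this line.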

Modified: dists/lenny-security/linux-2.6/debian/patches/series/25lenny2
==============================================================================
--- dists/lenny-security/linux-2.6/debian/patches/series/25lenny2	Mon Oct 25 02:20:32 2010	(r16481)
+++ dists/lenny-security/linux-2.6/debian/patches/series/25lenny2	Mon Oct 25 02:20:47 2010	(r16482)
@@ -2,3 +2,4 @@
 + bugfix/all/aio-check-for-multiplication-overflow-in-do_io_submit.patch
 + bugfix/all/cxgb3-prevent-reading-uninitialized-stack-memory.patch
 + bugfix/all/net-eql-prevent-reading-uninitialized-stack-memory.patch
++ bugfix/all/rose-fix-signedness-issues-wrt-digi-count.patch


