[kernel] r17185 - in dists/lenny-security/linux-2.6/debian: . patches/bugfix/all patches/series

Dann Frazier dannf at alioth.debian.org
Sun Apr 3 20:29:41 UTC 2011 

Author: dannf
Date: Sun Apr  3 20:29:30 2011
New Revision: 17185

Log:
net: clear heap allocations for privileged ethtool actions (CVE-2010-4655)

Added:
   dists/lenny-security/linux-2.6/debian/patches/bugfix/all/net-clear-heap-allocations-for-privileged-ethtool-actions.patch
   dists/lenny-security/linux-2.6/debian/patches/series/26lenny3
Modified:
   dists/lenny-security/linux-2.6/debian/changelog

Modified: dists/lenny-security/linux-2.6/debian/changelog
==============================================================================
--- dists/lenny-security/linux-2.6/debian/changelog	Sun Apr  3 04:14:00 2011	(r17184)
+++ dists/lenny-security/linux-2.6/debian/changelog	Sun Apr  3 20:29:30 2011	(r17185)
@@ -1,3 +1,9 @@
+linux-2.6 (2.6.26-26lenny3) UNRELEASED; urgency=low
+
+  * net: clear heap allocations for privileged ethtool actions (CVE-2010-4655)
+
+ -- dann frazier <dannf at debian.org>  Wed, 30 Mar 2011 22:46:26 -0600
+
 linux-2.6 (2.6.26-26lenny2) stable-security; urgency=high
 
   [ dann frazier ]

Added: dists/lenny-security/linux-2.6/debian/patches/bugfix/all/net-clear-heap-allocations-for-privileged-ethtool-actions.patch
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ dists/lenny-security/linux-2.6/debian/patches/bugfix/all/net-clear-heap-allocations-for-privileged-ethtool-actions.patch	Sun Apr  3 20:29:30 2011	(r17185)
@@ -0,0 +1,30 @@
+commit b00916b189d13a615ff05c9242201135992fcda3
+Author: Kees Cook <kees.cook at canonical.com>
+Date:   Mon Oct 11 12:23:25 2010 -0700
+
+    net: clear heap allocations for privileged ethtool actions
+    
+    Several other ethtool functions leave heap uncleared (potentially) by
+    drivers. Some interfaces appear safe (eeprom, etc), in that the sizes
+    are well controlled. In some situations (e.g. unchecked error conditions),
+    the heap will remain unchanged in areas before copying back to userspace.
+    Note that these are less of an issue since these all require CAP_NET_ADMIN.
+    
+    Cc: stable at kernel.org
+    Signed-off-by: Kees Cook <kees.cook at canonical.com>
+    Acked-by: Ben Hutchings <bhutchings at solarflare.com>
+    Signed-off-by: David S. Miller <davem at davemloft.net>
+    [dannf: backported to Debian's 2.6.26]
+
+diff -urpN linux-source-2.6.26.orig/net/core/ethtool.c linux-source-2.6.26/net/core/ethtool.c
+--- linux-source-2.6.26.orig/net/core/ethtool.c	2008-07-13 15:51:29.000000000 -0600
++++ linux-source-2.6.26/net/core/ethtool.c	2011-03-30 22:30:58.796187153 -0600
+@@ -226,7 +226,7 @@ static int ethtool_get_regs(struct net_d
+ 	if (regs.len > reglen)
+ 		regs.len = reglen;
+ 
+-	regbuf = kmalloc(reglen, GFP_USER);
++	regbuf = kzalloc(reglen, GFP_USER);
+ 	if (!regbuf)
+ 		return -ENOMEM;
+ 

Added: dists/lenny-security/linux-2.6/debian/patches/series/26lenny3
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ dists/lenny-security/linux-2.6/debian/patches/series/26lenny3	Sun Apr  3 20:29:30 2011	(r17185)
@@ -0,0 +1 @@
++ bugfix/all/net-clear-heap-allocations-for-privileged-ethtool-actions.patch

More information about the Kernel-svn-changes mailing list