[kernel] r17884 - in dists/squeeze-security/linux-2.6/debian: . patches/bugfix/all patches/series

Dann Frazier dannf at alioth.debian.org
Thu Aug 4 05:27:44 UTC 2011


Author: dannf
Date: Thu Aug  4 05:27:42 2011
New Revision: 17884

Log:
net: Fix memory leak/corruption on VLAN GRO_DROP (CVE-2011-1576)

Added:
   dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/net-fix-memory-leak+corruption-on-VLAN-GRO_DROP.patch
Modified:
   dists/squeeze-security/linux-2.6/debian/changelog
   dists/squeeze-security/linux-2.6/debian/patches/series/35squeeze1

Modified: dists/squeeze-security/linux-2.6/debian/changelog
==============================================================================
--- dists/squeeze-security/linux-2.6/debian/changelog	Thu Aug  4 04:07:13 2011	(r17883)
+++ dists/squeeze-security/linux-2.6/debian/changelog	Thu Aug  4 05:27:42 2011	(r17884)
@@ -1,6 +1,7 @@
 linux-2.6 (2.6.32-35squeeze1) UNRELEASED; urgency=high
 
   * Fix regression in fix for CVE-2011-1768 (Closes: #633738)
+  * net: Fix memory leak/corruption on VLAN GRO_DROP (CVE-2011-1576)
 
  -- dann frazier <dannf at debian.org>  Thu, 21 Jul 2011 00:31:53 -0600
 

Added: dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/net-fix-memory-leak+corruption-on-VLAN-GRO_DROP.patch
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/net-fix-memory-leak+corruption-on-VLAN-GRO_DROP.patch	Thu Aug  4 05:27:42 2011	(r17884)
@@ -0,0 +1,30 @@
+This bug used to exist upstream as well, but was fixed when the
+VLAN code path was restructured in 2010.
+
+The approach here is different from upstream in order to minimise
+the effect on the code.
+
+net: Fix memory leak/corruption on VLAN GRO_DROP
+
+The function napi_reuse_skb is only meant to be used for packets
+merged by GRO.  Using it on the VLAN path will lead to memory
+leaks/corruption.  This patch is based on Jay Vosburgh's patch,
+and it fixes the problem by calling kfree_skb on the VLAN GRO_DROP
+path instead of napi_reuse_skb.
+
+Signed-off-by: Herbert Xu <herbert at gondor.apana.org.au>
+[dannf: backported to Debian's 2.6.32]
+
+diff -urpN linux-source-2.6.32.orig/net/core/dev.c linux-source-2.6.32/net/core/dev.c
+--- linux-source-2.6.32.orig/net/core/dev.c	2011-06-11 13:10:41.000000000 -0600
++++ linux-source-2.6.32/net/core/dev.c	2011-08-03 22:42:37.774288259 -0600
+@@ -2650,6 +2650,9 @@ gro_result_t napi_frags_finish(struct na
+ 		break;
+ 
+ 	case GRO_DROP:
++		kfree_skb(skb);
++		break;
++
+ 	case GRO_MERGED_FREE:
+ 		napi_reuse_skb(napi, skb);
+ 		break;
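
Review bot: The new `case GRO_DROP:` arm in napi_frags_finish frees the skb for every GRO_DROP result that reaches this function, with no VLAN condition visible in the hunk, while the patch description speaks only of the VLAN GRO_DROP path; the header should state whether giving up napi_reuse_skb for non-VLAN drops is intended. A one-line comment above `kfree_skb(skb);` saying why GRO_DROP no longer shares the GRO_MERGED_FREE handling would keep a later cleanup from folding the two cases back together. The description also says the approach differs from upstream and is based on Jay Vosburgh's patch but cites neither, so adding the upstream commit id of the 2010 restructuring and a pointer to the original patch would make the backport easier to audit.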

Modified: dists/squeeze-security/linux-2.6/debian/patches/series/35squeeze1
==============================================================================
--- dists/squeeze-security/linux-2.6/debian/patches/series/35squeeze1	Thu Aug  4 04:07:13 2011	(r17883)
+++ dists/squeeze-security/linux-2.6/debian/patches/series/35squeeze1	Thu Aug  4 05:27:42 2011	(r17884)
@@ -1 +1,2 @@
 + bugfix/all/tunnels-fix-netns-vs-proto-registration-ordering-regression-fix.patch
++ bugfix/all/net-fix-memory-leak+corruption-on-VLAN-GRO_DROP.patch


