[kernel] r16930 - in dists/squeeze/linux-2.6/debian: . patches/bugfix/all patches/series
Dann Frazier
dannf at alioth.debian.org
Mon Feb 21 19:55:23 UTC 2011
Author: dannf
Date: Mon Feb 21 19:55:17 2011
New Revision: 16930
Log:
CAN: Use inode instead of kernel address for /proc file (CVE-2010-4565)
Added:
dists/squeeze/linux-2.6/debian/patches/bugfix/all/can-use-inode-instead-of-kernel-address-for-proc-file.patch
Modified:
dists/squeeze/linux-2.6/debian/changelog
dists/squeeze/linux-2.6/debian/patches/series/31
Modified: dists/squeeze/linux-2.6/debian/changelog
==============================================================================
--- dists/squeeze/linux-2.6/debian/changelog Mon Feb 21 19:55:00 2011 (r16929)
+++ dists/squeeze/linux-2.6/debian/changelog Mon Feb 21 19:55:17 2011 (r16930)
@@ -35,6 +35,7 @@
* xfs: fix information leak using stale NFS handle (CVE-2010-2943)
* av7110: check for negative array offset (CVE-2011-0521)
* s390: remove task_show_regs (CVE-2011-0710)
+ * CAN: Use inode instead of kernel address for /proc file (CVE-2010-4565)
[ maximilian attems]
* Update openvz patch to 07aaa2e9fb25 (ipv6, checkpointing, stability,
Added: dists/squeeze/linux-2.6/debian/patches/bugfix/all/can-use-inode-instead-of-kernel-address-for-proc-file.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/squeeze/linux-2.6/debian/patches/bugfix/all/can-use-inode-instead-of-kernel-address-for-proc-file.patch Mon Feb 21 19:55:17 2011 (r16930)
@@ -0,0 +1,38 @@
+commit 9f260e0efa4766e56d0ac14f1aeea6ee5eb8fe83
+Author: Dan Rosenberg <drosenberg at vsecurity.com>
+Date: Sun Dec 26 06:54:53 2010 +0000
+
+ CAN: Use inode instead of kernel address for /proc file
+
+ Since the socket address is just being used as a unique identifier, its
+ inode number is an alternative that does not leak potentially sensitive
+ information.
+
+ CC-ing stable because MITRE has assigned CVE-2010-4565 to the issue.
+
+ Signed-off-by: Dan Rosenberg <drosenberg at vsecurity.com>
+ Acked-by: Oliver Hartkopp <socketcan at hartkopp.net>
+ Signed-off-by: David S. Miller <davem at davemloft.net>
+
+diff --git a/net/can/bcm.c b/net/can/bcm.c
+index 6faa825..9d5e8ac 100644
+--- a/net/can/bcm.c
++++ b/net/can/bcm.c
+@@ -125,7 +125,7 @@ struct bcm_sock {
+ struct list_head tx_ops;
+ unsigned long dropped_usr_msgs;
+ struct proc_dir_entry *bcm_proc_read;
+- char procname [20]; /* pointer printed in ASCII with \0 */
++ char procname [32]; /* inode number in decimal with \0 */
+ };
+
+ static inline struct bcm_sock *bcm_sk(const struct sock *sk)
+@@ -1521,7 +1521,7 @@ static int bcm_connect(struct socket *sock, struct sockaddr *uaddr, int len,
+
+ if (proc_dir) {
+ /* unique socket address as filename */
+- sprintf(bo->procname, "%p", sock);
++ sprintf(bo->procname, "%lu", sock_i_ino(sk));
+ bo->bcm_proc_read = proc_create_data(bo->procname, 0644,
+ proc_dir,
+ &bcm_proc_fops, sk);
Modified: dists/squeeze/linux-2.6/debian/patches/series/31
==============================================================================
--- dists/squeeze/linux-2.6/debian/patches/series/31 Mon Feb 21 19:55:00 2011 (r16929)
+++ dists/squeeze/linux-2.6/debian/patches/series/31 Mon Feb 21 19:55:17 2011 (r16930)
@@ -34,3 +34,4 @@
+ bugfix/all/virtio_net-Add-schedule-check-to-napi_enable-call.patch
+ debian/revert-radio-aimslab-gcc4.5-fix-in-2.6.32.29.patch
+ bugfix/s390/remove-task_show_regs.patch
++ bugfix/all/can-use-inode-instead-of-kernel-address-for-proc-file.patch
More information about the Kernel-svn-changes
mailing list