[kernel] r16829 - in dists/lenny-security/linux-2.6/debian: . patches/bugfix/all patches/series

Dann Frazier dannf at alioth.debian.org
Mon Jan 17 19:47:03 UTC 2011 

Author: dannf
Date: Mon Jan 17 19:46:59 2011
New Revision: 16829

Log:
econet: Fix crash in aun_incoming() (CVE-2010-4343)

Added:
   dists/lenny-security/linux-2.6/debian/patches/bugfix/all/econet-fix-crash-in-aun_incoming.patch
Modified:
   dists/lenny-security/linux-2.6/debian/changelog
   dists/lenny-security/linux-2.6/debian/patches/series/26lenny2

Modified: dists/lenny-security/linux-2.6/debian/changelog
==============================================================================
--- dists/lenny-security/linux-2.6/debian/changelog	Mon Jan 17 19:41:52 2011	(r16828)
+++ dists/lenny-security/linux-2.6/debian/changelog	Mon Jan 17 19:46:59 2011	(r16829)
@@ -17,6 +17,7 @@
   * econet: Disable auto-loading as mitigation against local exploits. This
     module has been shown to be broken, so this risk of this affecting
     real users is insignificant.
+  * econet: Fix crash in aun_incoming() (CVE-2010-4343)
 
   [ Moritz Muehlenhoff ]
   * blkback/blktap/netback: Fix CVE-2010-3699 	

Added: dists/lenny-security/linux-2.6/debian/patches/bugfix/all/econet-fix-crash-in-aun_incoming.patch
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ dists/lenny-security/linux-2.6/debian/patches/bugfix/all/econet-fix-crash-in-aun_incoming.patch	Mon Jan 17 19:46:59 2011	(r16829)
@@ -0,0 +1,36 @@
+commit 993a857ec1b32e3cd917020231e46bc502226960
+Author: David S. Miller <davem at davemloft.net>
+Date:   Wed Dec 8 18:42:23 2010 -0800
+
+    econet: Fix crash in aun_incoming().
+    
+    Unconditional use of skb->dev won't work here,
+    try to fetch the econet device via skb_dst()->dev
+    instead.
+    
+    Suggested by Eric Dumazet.
+    
+    Reported-by: Nelson Elhage <nelhage at ksplice.com>
+    Tested-by: Nelson Elhage <nelhage at ksplice.com>
+    Signed-off-by: David S. Miller <davem at davemloft.net>
+    [dannf: adjusted to apply to Debian's 2.6.26]
+
+diff --git a/net/econet/af_econet.c b/net/econet/af_econet.c
+index 70a161f..745e4c6 100644
+--- a/net/econet/af_econet.c
++++ b/net/econet/af_econet.c
+@@ -847,9 +847,13 @@ static void aun_incoming(struct sk_buff *skb, struct aunhdr *ah, size_t len)
+ {
+ 	struct iphdr *ip = ip_hdr(skb);
+ 	unsigned char stn = ntohl(ip->saddr) & 0xff;
++	struct dst_entry *dst = skb_dst(skb);
++	struct ec_device *edev = NULL;
+ 	struct sock *sk;
+ 	struct sk_buff *newskb;
+-	struct ec_device *edev = skb->dev->ec_ptr;
++
++	if (dst)
++		edev = dst->dev->ec_ptr;
+ 
+ 	if (! edev)
+ 		goto bad;

Modified: dists/lenny-security/linux-2.6/debian/patches/series/26lenny2
==============================================================================
--- dists/lenny-security/linux-2.6/debian/patches/series/26lenny2	Mon Jan 17 19:41:52 2011	(r16828)
+++ dists/lenny-security/linux-2.6/debian/patches/series/26lenny2	Mon Jan 17 19:46:59 2011	(r16829)
@@ -14,3 +14,4 @@
 + bugfix/all/scm-lower-SCM_MAX_FD.patch
 + bugfix/all/do_exit-make-sure-that-we-run-with-get_fs-USER_DS.patch
 + debian/econet-Disable-auto-loading-as-mitigation-against-lo.patch
++ bugfix/all/econet-fix-crash-in-aun_incoming.patch

More information about the Kernel-svn-changes mailing list