[kernel] r17605 - in dists/lenny-security/linux-2.6/debian: . patches/bugfix/all patches/series

Dann Frazier dannf at alioth.debian.org
Mon Jun 6 01:21:32 UTC 2011


Author: dannf
Date: Mon Jun  6 01:21:31 2011
New Revision: 17605

Log:
can: Add missing socket check in can/bcm release (CVE-2011-1598)

Added:
   dists/lenny-security/linux-2.6/debian/patches/bugfix/all/can-add-missing-socket-check-in-can+bcm-release.patch
      - copied unchanged from r17590, dists/squeeze/linux-2.6/debian/patches/bugfix/all/can-add-missing-socket-check-in-can+bcm-release.patch
Modified:
   dists/lenny-security/linux-2.6/debian/changelog
   dists/lenny-security/linux-2.6/debian/patches/series/26lenny3

Modified: dists/lenny-security/linux-2.6/debian/changelog
==============================================================================
--- dists/lenny-security/linux-2.6/debian/changelog	Mon Jun  6 01:20:33 2011	(r17604)
+++ dists/lenny-security/linux-2.6/debian/changelog	Mon Jun  6 01:21:31 2011	(r17605)
@@ -34,6 +34,7 @@
   * sound/oss: remove offset from load_patch callbacks (CVE-2011-1476)
   * ROSE: prevent heap corruption with bad facilities (CVE-2011-1493)
   * next_pidmap: fix overflow condition (CVE-2011-1593)
+  * can: Add missing socket check in can/bcm release (CVE-2011-1598)
 
   [ Ben Hutchings ]
   * [vserver] Complete fix for CVE-2010-4243 (Closes: #618485)

Copied: dists/lenny-security/linux-2.6/debian/patches/bugfix/all/can-add-missing-socket-check-in-can+bcm-release.patch (from r17590, dists/squeeze/linux-2.6/debian/patches/bugfix/all/can-add-missing-socket-check-in-can+bcm-release.patch)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ dists/lenny-security/linux-2.6/debian/patches/bugfix/all/can-add-missing-socket-check-in-can+bcm-release.patch	Mon Jun  6 01:21:31 2011	(r17605, copy of r17590, dists/squeeze/linux-2.6/debian/patches/bugfix/all/can-add-missing-socket-check-in-can+bcm-release.patch)
@@ -0,0 +1,32 @@
+commit c6914a6f261aca0c9f715f883a353ae7ff51fe83
+Author: Dave Jones <davej at redhat.com>
+Date:   Tue Apr 19 20:36:59 2011 -0700
+
+    can: Add missing socket check in can/bcm release.
+    
+    We can get here with a NULL socket argument passed from userspace,
+    so we need to handle it accordingly.
+    
+    Signed-off-by: Dave Jones <davej at redhat.com>
+    Signed-off-by: David S. Miller <davem at davemloft.net>
+
+diff --git a/net/can/bcm.c b/net/can/bcm.c
+index 57b1aed..8a6a05e 100644
+--- a/net/can/bcm.c
++++ b/net/can/bcm.c
+@@ -1427,9 +1427,14 @@ static int bcm_init(struct sock *sk)
+ static int bcm_release(struct socket *sock)
+ {
+ 	struct sock *sk = sock->sk;
+-	struct bcm_sock *bo = bcm_sk(sk);
++	struct bcm_sock *bo;
+ 	struct bcm_op *op, *next;
+ 
++	if (sk == NULL)
++		return 0;
++
++	bo = bcm_sk(sk);
++
+ 	/* remove bcm_ops, timer, rx_unregister(), etc. */
+ 
+ 	unregister_netdevice_notifier(&bo->notifier);
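Review bot: In bcm_release() the new `if (sk == NULL)` test guards only `sk`, while the first declaration, `struct sock *sk = sock->sk;`, still dereferences `sock` before any check. The commit message speaks of a "NULL socket argument", so the patch header should say whether the pointer that can be NULL is `sock->sk` (which this check covers) or `sock` itself (which it does not). If `sock` can be NULL, a `sock == NULL` test needs to come before that initialiser. Separately, this file is copied unchanged from the squeeze tree, and its `@@ -1427,9 +1427,14 @@` offset and `index 57b1aed..8a6a05e` line come from that upstream commit. It is worth confirming that it applies to the lenny net/can/bcm.c without fuzz and noting the result in the patch header.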

Modified: dists/lenny-security/linux-2.6/debian/patches/series/26lenny3
==============================================================================
--- dists/lenny-security/linux-2.6/debian/patches/series/26lenny3	Mon Jun  6 01:20:33 2011	(r17604)
+++ dists/lenny-security/linux-2.6/debian/patches/series/26lenny3	Mon Jun  6 01:21:31 2011	(r17605)
@@ -32,3 +32,4 @@
 + bugfix/all/rose-prevent-heap-corruption-with-bad-facilities.patch
 + bugfix/all/next_pidmap-fix-overflow-condition.patch
 + bugfix/all/proc-do-proper-range-check-on-readdir-offset.patch
++ bugfix/all/can-add-missing-socket-check-in-can+bcm-release.patch


