[kernel] r17609 - in dists/lenny-security/linux-2.6/debian: . patches/bugfix/all patches/series

Dann Frazier dannf at alioth.debian.org
Mon Jun 6 01:26:23 UTC 2011


Author: dannf
Date: Mon Jun  6 01:26:22 2011
New Revision: 17609

Log:
can: Add missing socket check in can/raw release (CVE-2011-1748)

Added:
   dists/lenny-security/linux-2.6/debian/patches/bugfix/all/can-add-missing-socket-check-in-can+raw-release.patch
      - copied unchanged from r17590, dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/can-add-missing-socket-check-in-can+raw-release.patch
Modified:
   dists/lenny-security/linux-2.6/debian/changelog
   dists/lenny-security/linux-2.6/debian/patches/series/26lenny3

Modified: dists/lenny-security/linux-2.6/debian/changelog
==============================================================================
--- dists/lenny-security/linux-2.6/debian/changelog	Mon Jun  6 01:25:23 2011	(r17608)
+++ dists/lenny-security/linux-2.6/debian/changelog	Mon Jun  6 01:26:22 2011	(r17609)
@@ -37,6 +37,7 @@
   * can: Add missing socket check in can/bcm release (CVE-2011-1598)
   * agp: fix arbitrary kernel memory writes (CVE-2011-1745)
   * agp: fix OOM and buffer overflow (CVE-2011-1746)
+  * can: Add missing socket check in can/raw release (CVE-2011-1748)
 
   [ Ben Hutchings ]
   * [vserver] Complete fix for CVE-2010-4243 (Closes: #618485)

Copied: dists/lenny-security/linux-2.6/debian/patches/bugfix/all/can-add-missing-socket-check-in-can+raw-release.patch (from r17590, dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/can-add-missing-socket-check-in-can+raw-release.patch)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ dists/lenny-security/linux-2.6/debian/patches/bugfix/all/can-add-missing-socket-check-in-can+raw-release.patch	Mon Jun  6 01:26:22 2011	(r17609, copy of r17590, dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/can-add-missing-socket-check-in-can+raw-release.patch)
@@ -0,0 +1,34 @@
+commit 10022a6c66e199d8f61d9044543f38785713cbbd
+Author: Oliver Hartkopp <socketcan at hartkopp.net>
+Date:   Wed Apr 20 01:57:15 2011 +0000
+
+    can: add missing socket check in can/raw release
+    
+    v2: added space after 'if' according code style.
+    
+    We can get here with a NULL socket argument passed from userspace,
+    so we need to handle it accordingly.
+    
+    Thanks to Dave Jones pointing at this issue in net/can/bcm.c
+    
+    Signed-off-by: Oliver Hartkopp <socketcan at hartkopp.net>
+    Signed-off-by: David S. Miller <davem at davemloft.net>
+
+diff --git a/net/can/raw.c b/net/can/raw.c
+index 649acfa..0eb39a7 100644
+--- a/net/can/raw.c
++++ b/net/can/raw.c
+@@ -305,7 +305,12 @@ static int raw_init(struct sock *sk)
+ static int raw_release(struct socket *sock)
+ {
+ 	struct sock *sk = sock->sk;
+-	struct raw_sock *ro = raw_sk(sk);
++	struct raw_sock *ro;
++
++	if (!sk)
++		return 0;
++
++	ro = raw_sk(sk);
+ 
+ 	unregister_netdevice_notifier(&ro->notifier);
+ 
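Review bot: The new check in raw_release() tests sk (that is, sock->sk), but the commit message says "a NULL socket argument", and sock itself is still dereferenced unconditionally in "struct sock *sk = sock->sk;". The message should say that it is sock->sk that can be NULL at release time, and briefly state how userspace reaches that state, so the fix can be compared with the net/can/bcm.c change it refers to. A one-line comment above "if (!sk)" would also help: returning 0 there skips unregister_netdevice_notifier(&ro->notifier) and the rest of the teardown, which is only right if nothing was set up for a socket whose sk is NULL.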

Modified: dists/lenny-security/linux-2.6/debian/patches/series/26lenny3
==============================================================================
--- dists/lenny-security/linux-2.6/debian/patches/series/26lenny3	Mon Jun  6 01:25:23 2011	(r17608)
+++ dists/lenny-security/linux-2.6/debian/patches/series/26lenny3	Mon Jun  6 01:26:22 2011	(r17609)
@@ -35,3 +35,5 @@
 + bugfix/all/can-add-missing-socket-check-in-can+bcm-release.patch
 + bugfix/all/agp-fix-arbitrary-kernel-memory-writes.patch
 + bugfix/all/agp-fix-OOM-and-buffer-overflow.patch
++ bugfix/all/can-add-missing-socket-check-in-can+raw-release.patch
+
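Review bot: The last added line of this hunk is a bare "+", so 26lenny3 now ends with an empty line after the new can+raw entry; the hunk header (-35,3 +35,5) confirms that the blank line is part of the change and not a mail artifact. Unless the series file format needs a trailing blank line, drop it so that the next entry appended to the file produces a one-line diff.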


