[kernel] r17289 - in dists/squeeze/linux-2.6/debian: . patches/bugfix/all patches/series
Dann Frazier
dannf at alioth.debian.org
Tue May 3 05:58:34 UTC 2011
Author: dannf
Date: Tue May 3 05:58:33 2011
New Revision: 17289
Log:
can: Add missing socket check in can/bcm release (CVE-2011-1598)
Added:
dists/squeeze/linux-2.6/debian/patches/bugfix/all/can-add-missing-socket-check-in-can+bcm-release.patch
Modified:
dists/squeeze/linux-2.6/debian/changelog
dists/squeeze/linux-2.6/debian/patches/series/34
Modified: dists/squeeze/linux-2.6/debian/changelog
==============================================================================
--- dists/squeeze/linux-2.6/debian/changelog Tue May 3 05:58:24 2011 (r17288)
+++ dists/squeeze/linux-2.6/debian/changelog Tue May 3 05:58:33 2011 (r17289)
@@ -67,6 +67,7 @@
* fs/partitions/ldm.c: fix oops caused by corrupted partition table
(CVE-2011-1017)
* mpt2sas: prevent heap overflows and unchecked reads (CVE-2011-1494)
+ * can: Add missing socket check in can/bcm release (CVE-2011-1598)
-- Ben Hutchings <ben at decadent.org.uk> Fri, 08 Apr 2011 01:13:01 +0100
Added: dists/squeeze/linux-2.6/debian/patches/bugfix/all/can-add-missing-socket-check-in-can+bcm-release.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/squeeze/linux-2.6/debian/patches/bugfix/all/can-add-missing-socket-check-in-can+bcm-release.patch Tue May 3 05:58:33 2011 (r17289)
@@ -0,0 +1,32 @@
+commit c6914a6f261aca0c9f715f883a353ae7ff51fe83
+Author: Dave Jones <davej at redhat.com>
+Date: Tue Apr 19 20:36:59 2011 -0700
+
+ can: Add missing socket check in can/bcm release.
+
+ We can get here with a NULL socket argument passed from userspace,
+ so we need to handle it accordingly.
+
+ Signed-off-by: Dave Jones <davej at redhat.com>
+ Signed-off-by: David S. Miller <davem at davemloft.net>
+
+diff --git a/net/can/bcm.c b/net/can/bcm.c
+index 57b1aed..8a6a05e 100644
+--- a/net/can/bcm.c
++++ b/net/can/bcm.c
+@@ -1427,9 +1427,14 @@ static int bcm_init(struct sock *sk)
+ static int bcm_release(struct socket *sock)
+ {
+ struct sock *sk = sock->sk;
+- struct bcm_sock *bo = bcm_sk(sk);
++ struct bcm_sock *bo;
+ struct bcm_op *op, *next;
+
++ if (sk == NULL)
++ return 0;
++
++ bo = bcm_sk(sk);
++
+ /* remove bcm_ops, timer, rx_unregister(), etc. */
+
+ unregister_netdevice_notifier(&bo->notifier);
Modified: dists/squeeze/linux-2.6/debian/patches/series/34
==============================================================================
--- dists/squeeze/linux-2.6/debian/patches/series/34 Tue May 3 05:58:24 2011 (r17288)
+++ dists/squeeze/linux-2.6/debian/patches/series/34 Tue May 3 05:58:33 2011 (r17289)
@@ -43,3 +43,4 @@
+ debian/powerpc-kexec-Avoid-ABI-change-in-2.6.32.34.patch
+ bugfix/all/partitions-ldm-fix-oops-caused-by-corrupted-partition-table.patch
+ bugfix/all/mpt2sas-prevent-heap-overflows-and-unchecked-reads.patch
++ bugfix/all/can-add-missing-socket-check-in-can+bcm-release.patch
More information about the Kernel-svn-changes
mailing list