[kernel] r17289 - in dists/squeeze/linux-2.6/debian: . patches/bugfix/all patches/series

Dann Frazier dannf at alioth.debian.org
Tue May 3 05:58:34 UTC 2011 

Author: dannf
Date: Tue May  3 05:58:33 2011
New Revision: 17289

Log:
can: Add missing socket check in can/bcm release (CVE-2011-1598)

Added:
   dists/squeeze/linux-2.6/debian/patches/bugfix/all/can-add-missing-socket-check-in-can+bcm-release.patch
Modified:
   dists/squeeze/linux-2.6/debian/changelog
   dists/squeeze/linux-2.6/debian/patches/series/34

Modified: dists/squeeze/linux-2.6/debian/changelog
==============================================================================
--- dists/squeeze/linux-2.6/debian/changelog	Tue May  3 05:58:24 2011	(r17288)
+++ dists/squeeze/linux-2.6/debian/changelog	Tue May  3 05:58:33 2011	(r17289)
@@ -67,6 +67,7 @@
   * fs/partitions/ldm.c: fix oops caused by corrupted partition table
     (CVE-2011-1017)
   * mpt2sas: prevent heap overflows and unchecked reads (CVE-2011-1494)
+  * can: Add missing socket check in can/bcm release (CVE-2011-1598)
 
  -- Ben Hutchings <ben at decadent.org.uk>  Fri, 08 Apr 2011 01:13:01 +0100
 

Added: dists/squeeze/linux-2.6/debian/patches/bugfix/all/can-add-missing-socket-check-in-can+bcm-release.patch
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ dists/squeeze/linux-2.6/debian/patches/bugfix/all/can-add-missing-socket-check-in-can+bcm-release.patch	Tue May  3 05:58:33 2011	(r17289)
@@ -0,0 +1,32 @@
+commit c6914a6f261aca0c9f715f883a353ae7ff51fe83
+Author: Dave Jones <davej at redhat.com>
+Date:   Tue Apr 19 20:36:59 2011 -0700
+
+    can: Add missing socket check in can/bcm release.
+    
+    We can get here with a NULL socket argument passed from userspace,
+    so we need to handle it accordingly.
+    
+    Signed-off-by: Dave Jones <davej at redhat.com>
+    Signed-off-by: David S. Miller <davem at davemloft.net>
+
+diff --git a/net/can/bcm.c b/net/can/bcm.c
+index 57b1aed..8a6a05e 100644
+--- a/net/can/bcm.c
++++ b/net/can/bcm.c
+@@ -1427,9 +1427,14 @@ static int bcm_init(struct sock *sk)
+ static int bcm_release(struct socket *sock)
+ {
+ 	struct sock *sk = sock->sk;
+-	struct bcm_sock *bo = bcm_sk(sk);
++	struct bcm_sock *bo;
+ 	struct bcm_op *op, *next;
+ 
++	if (sk == NULL)
++		return 0;
++
++	bo = bcm_sk(sk);
++
+ 	/* remove bcm_ops, timer, rx_unregister(), etc. */
+ 
+ 	unregister_netdevice_notifier(&bo->notifier);

Modified: dists/squeeze/linux-2.6/debian/patches/series/34
==============================================================================
--- dists/squeeze/linux-2.6/debian/patches/series/34	Tue May  3 05:58:24 2011	(r17288)
+++ dists/squeeze/linux-2.6/debian/patches/series/34	Tue May  3 05:58:33 2011	(r17289)
@@ -43,3 +43,4 @@
 + debian/powerpc-kexec-Avoid-ABI-change-in-2.6.32.34.patch
 + bugfix/all/partitions-ldm-fix-oops-caused-by-corrupted-partition-table.patch
 + bugfix/all/mpt2sas-prevent-heap-overflows-and-unchecked-reads.patch
++ bugfix/all/can-add-missing-socket-check-in-can+bcm-release.patch

More information about the Kernel-svn-changes mailing list