[kernel] r17391 - in dists/lenny-security/linux-2.6/debian: . patches/bugfix/all patches/series
Dann Frazier
dannf at alioth.debian.org
Wed May 11 13:24:59 UTC 2011
Author: dannf
Date: Wed May 11 13:24:48 2011
New Revision: 17391
Log:
irda: validate peer name and attribute lengths (CVE-2011-1180)
Added:
dists/lenny-security/linux-2.6/debian/patches/bugfix/all/irda-validate-peer-name-and-attribute-lengths.patch
- copied unchanged from r17187, dists/squeeze/linux-2.6/debian/patches/bugfix/all/irda-validate-peer-name-and-attribute-lengths.patch
Modified:
dists/lenny-security/linux-2.6/debian/changelog
dists/lenny-security/linux-2.6/debian/patches/series/26lenny3
Modified: dists/lenny-security/linux-2.6/debian/changelog
==============================================================================
--- dists/lenny-security/linux-2.6/debian/changelog Wed May 11 12:04:55 2011 (r17390)
+++ dists/lenny-security/linux-2.6/debian/changelog Wed May 11 13:24:48 2011 (r17391)
@@ -17,6 +17,7 @@
* netfilter: ip_tables: fix infoleak to userspace (CVE-2011-1171)
* ipv6: netfilter: ip6_tables: fix infoleak to userspace (CVE-2011-1172)
* econet: 4 byte infoleak to the network (CVE-2011-1173)
+ * irda: validate peer name and attribute lengths (CVE-2011-1180)
[ Ben Hutchings ]
* [vserver] Complete fix for CVE-2010-4243 (Closes: #618485)
Copied: dists/lenny-security/linux-2.6/debian/patches/bugfix/all/irda-validate-peer-name-and-attribute-lengths.patch (from r17187, dists/squeeze/linux-2.6/debian/patches/bugfix/all/irda-validate-peer-name-and-attribute-lengths.patch)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/lenny-security/linux-2.6/debian/patches/bugfix/all/irda-validate-peer-name-and-attribute-lengths.patch Wed May 11 13:24:48 2011 (r17391, copy of r17187, dists/squeeze/linux-2.6/debian/patches/bugfix/all/irda-validate-peer-name-and-attribute-lengths.patch)
@@ -0,0 +1,35 @@
+commit d370af0ef7951188daeb15bae75db7ba57c67846
+Author: Dan Rosenberg <drosenberg at vsecurity.com>
+Date: Sun Mar 20 15:32:06 2011 +0000
+
+ irda: validate peer name and attribute lengths
+
+ Length fields provided by a peer for names and attributes may be longer
+ than the destination array sizes. Validate lengths to prevent stack
+ buffer overflows.
+
+ Signed-off-by: Dan Rosenberg <drosenberg at vsecurity.com>
+ Cc: stable at kernel.org
+ Signed-off-by: David S. Miller <davem at davemloft.net>
+
+diff --git a/net/irda/iriap.c b/net/irda/iriap.c
+index 5b743bd..3647753 100644
+--- a/net/irda/iriap.c
++++ b/net/irda/iriap.c
+@@ -656,10 +656,16 @@ static void iriap_getvaluebyclass_indication(struct iriap_cb *self,
+ n = 1;
+
+ name_len = fp[n++];
++
++ IRDA_ASSERT(name_len < IAS_MAX_CLASSNAME + 1, return;);
++
+ memcpy(name, fp+n, name_len); n+=name_len;
+ name[name_len] = '\0';
+
+ attr_len = fp[n++];
++
++ IRDA_ASSERT(attr_len < IAS_MAX_ATTRIBNAME + 1, return;);
++
+ memcpy(attr, fp+n, attr_len); n+=attr_len;
+ attr[attr_len] = '\0';
+
Modified: dists/lenny-security/linux-2.6/debian/patches/series/26lenny3
==============================================================================
--- dists/lenny-security/linux-2.6/debian/patches/series/26lenny3 Wed May 11 12:04:55 2011 (r17390)
+++ dists/lenny-security/linux-2.6/debian/patches/series/26lenny3 Wed May 11 13:24:48 2011 (r17391)
@@ -16,3 +16,4 @@
+ bugfix/all/netfilter-ip_tables-fix-infoleak-to-userspace.patch
+ bugfix/all/ipv6-netfilter-ip6_tables-fix-infoleak-to-userspace.patch
+ bugfix/all/econet-4-byte-infoleak-to-the-network.patch
++ bugfix/all/irda-validate-peer-name-and-attribute-lengths.patch
More information about the Kernel-svn-changes
mailing list