[kernel] r17436 - in dists/squeeze-security/linux-2.6/debian: . patches/bugfix/all patches/series
Dann Frazier
dannf at alioth.debian.org
Tue May 17 08:02:21 UTC 2011
Author: dannf
Date: Tue May 17 08:02:09 2011
New Revision: 17436
Log:
gre: fix netns vs proto registration ordering (CVE-2011-1767)
Added:
dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/gre-fix-netns-vs-proto-registration-ordering.patch
Modified:
dists/squeeze-security/linux-2.6/debian/changelog
dists/squeeze-security/linux-2.6/debian/patches/series/34squeeze1
Modified: dists/squeeze-security/linux-2.6/debian/changelog
==============================================================================
--- dists/squeeze-security/linux-2.6/debian/changelog Tue May 17 07:22:37 2011 (r17435)
+++ dists/squeeze-security/linux-2.6/debian/changelog Tue May 17 08:02:09 2011 (r17436)
@@ -5,6 +5,7 @@
- cifs: clean up cifs_find_smb_ses
- cifs: fix NULL pointer dereference in cifs_find_smb_ses
- cifs: check for NULL session password
+ * gre: fix netns vs proto registration ordering (CVE-2011-1767)
-- dann frazier <dannf at debian.org> Tue, 17 May 2011 00:41:07 -0600
Added: dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/gre-fix-netns-vs-proto-registration-ordering.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/gre-fix-netns-vs-proto-registration-ordering.patch Tue May 17 08:02:09 2011 (r17436)
@@ -0,0 +1,65 @@
+commit c2892f02712e9516d72841d5c019ed6916329794
+Author: Alexey Dobriyan <adobriyan at gmail.com>
+Date: Tue Feb 16 07:57:44 2010 +0000
+
+ gre: fix netns vs proto registration ordering
+
+ GRE protocol receive hook can be called right after protocol addition is done.
+ If netns stuff is not yet initialized, we're going to oops in
+ net_generic().
+
+ This is remotely oopsable if ip_gre is compiled as module and packet
+ comes at unfortunate moment of module loading.
+
+ Signed-off-by: Alexey Dobriyan <adobriyan at gmail.com>
+ Signed-off-by: David S. Miller <davem at davemloft.net>
+ [dannf: backported to Debian's 2.6.32]
+
+diff -urpN linux-source-2.6.32.orig/net/ipv4/ip_gre.c linux-source-2.6.32/net/ipv4/ip_gre.c
+--- linux-source-2.6.32.orig/net/ipv4/ip_gre.c 2011-05-03 09:29:08.000000000 -0600
++++ linux-source-2.6.32/net/ipv4/ip_gre.c 2011-05-17 01:27:46.115601639 -0600
+@@ -1665,14 +1665,15 @@ static int __init ipgre_init(void)
+
+ printk(KERN_INFO "GRE over IPv4 tunneling driver\n");
+
+- if (inet_add_protocol(&ipgre_protocol, IPPROTO_GRE) < 0) {
+- printk(KERN_INFO "ipgre init: can't add protocol\n");
+- return -EAGAIN;
+- }
+-
+ err = register_pernet_gen_device(&ipgre_net_id, &ipgre_net_ops);
+ if (err < 0)
+- goto gen_device_failed;
++ return err;
++
++ err = inet_add_protocol(&ipgre_protocol, IPPROTO_GRE);
++ if (err < 0) {
++ printk(KERN_INFO "ipgre init: can't add protocol\n");
++ goto add_proto_failed;
++ }
+
+ err = rtnl_link_register(&ipgre_link_ops);
+ if (err < 0)
+@@ -1688,9 +1689,9 @@ out:
+ tap_ops_failed:
+ rtnl_link_unregister(&ipgre_link_ops);
+ rtnl_link_failed:
+- unregister_pernet_gen_device(ipgre_net_id, &ipgre_net_ops);
+-gen_device_failed:
+ inet_del_protocol(&ipgre_protocol, IPPROTO_GRE);
++add_proto_failed:
++ unregister_pernet_gen_device(ipgre_net_id, &ipgre_net_ops);
+ goto out;
+ }
+
+@@ -1698,9 +1699,9 @@ static void __exit ipgre_fini(void)
+ {
+ rtnl_link_unregister(&ipgre_tap_ops);
+ rtnl_link_unregister(&ipgre_link_ops);
+- unregister_pernet_gen_device(ipgre_net_id, &ipgre_net_ops);
+ if (inet_del_protocol(&ipgre_protocol, IPPROTO_GRE) < 0)
+ printk(KERN_INFO "ipgre close: can't remove protocol\n");
++ unregister_pernet_gen_device(ipgre_net_id, &ipgre_net_ops);
+ }
+
+ module_init(ipgre_init);
Modified: dists/squeeze-security/linux-2.6/debian/patches/series/34squeeze1
==============================================================================
--- dists/squeeze-security/linux-2.6/debian/patches/series/34squeeze1 Tue May 17 07:22:37 2011 (r17435)
+++ dists/squeeze-security/linux-2.6/debian/patches/series/34squeeze1 Tue May 17 08:02:09 2011 (r17436)
@@ -2,3 +2,4 @@
+ bugfix/all/cifs-clean-up-cifs_find_smb_ses.patch
+ bugfix/all/cifs-fix-NULL-pointer-dereference-in-cifs_find_smb_ses.patch
+ bugfix/all/cifs-check-for-NULL-session-password.patch
++ bugfix/all/gre-fix-netns-vs-proto-registration-ordering.patch
More information about the Kernel-svn-changes
mailing list