[kernel] r21616 - in dists/wheezy-security/linux/debian: . patches patches/bugfix/all
Ben Hutchings
benh at moszumanska.debian.org
Tue Jul 22 23:12:04 UTC 2014
Author: benh
Date: Tue Jul 22 23:12:04 2014
New Revision: 21616
Log:
net/l2tp: don't fall back on UDP [get|set]sockopt (CVE-2014-4943)
Added:
dists/wheezy-security/linux/debian/patches/bugfix/all/net-l2tp-don-t-fall-back-on-UDP-get-set-sockopt.patch
Modified:
dists/wheezy-security/linux/debian/changelog
dists/wheezy-security/linux/debian/patches/series
Modified: dists/wheezy-security/linux/debian/changelog
==============================================================================
--- dists/wheezy-security/linux/debian/changelog Tue Jul 22 21:55:20 2014 (r21615)
+++ dists/wheezy-security/linux/debian/changelog Tue Jul 22 23:12:04 2014 (r21616)
@@ -1,3 +1,9 @@
+linux (3.2.60-1+deb7u3) UNRELEASED; urgency=medium
+
+ * net/l2tp: don't fall back on UDP [get|set]sockopt (CVE-2014-4943)
+
+ -- Ben Hutchings <ben at decadent.org.uk> Wed, 23 Jul 2014 00:10:57 +0100
+
linux (3.2.60-1+deb7u2) wheezy-security; urgency=medium
* Revert "net: ipv4: ip_forward: fix inverted local_df test"
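Review bot: The new changelog bullet names CVE-2014-4943 but says nothing about what the fix changes, so the security update cannot be assessed from the changelog alone; consider extending the bullet with the one-line consequence stated in the patch description, e.g. "(reject option levels other than SOL_PPPOL2TP with -EINVAL instead of calling the UDP handlers on a socket that is not an inet socket)". The UNRELEASED distribution is expected while the deb7u3 upload is being prepared; it has to become wheezy-security before upload, as in the deb7u2 entry directly below.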
Added: dists/wheezy-security/linux/debian/patches/bugfix/all/net-l2tp-don-t-fall-back-on-UDP-get-set-sockopt.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/wheezy-security/linux/debian/patches/bugfix/all/net-l2tp-don-t-fall-back-on-UDP-get-set-sockopt.patch Tue Jul 22 23:12:04 2014 (r21616)
@@ -0,0 +1,49 @@
+From: Sasha Levin <sasha.levin at oracle.com>
+Date: Mon, 14 Jul 2014 17:02:31 -0700
+Subject: net/l2tp: don't fall back on UDP [get|set]sockopt
+Origin: https://git.kernel.org/linus/3cf521f7dc87c031617fd47e4b7aa2593c2f3daf
+
+The l2tp [get|set]sockopt() code has fallen back to the UDP functions
+for socket option levels != SOL_PPPOL2TP since day one, but that has
+never actually worked, since the l2tp socket isn't an inet socket.
+
+As David Miller points out:
+
+ "If we wanted this to work, it'd have to look up the tunnel and then
+ use tunnel->sk, but I wonder how useful that would be"
+
+Since this can never have worked so nobody could possibly have depended
+on that functionality, just remove the broken code and return -EINVAL.
+
+Reported-by: Sasha Levin <sasha.levin at oracle.com>
+Acked-by: James Chapman <jchapman at katalix.com>
+Acked-by: David Miller <davem at davemloft.net>
+Cc: Phil Turnbull <phil.turnbull at oracle.com>
+Cc: Vegard Nossum <vegard.nossum at oracle.com>
+Cc: Willy Tarreau <w at 1wt.eu>
+Cc: stable at vger.kernel.org
+Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
+---
+ net/l2tp/l2tp_ppp.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/net/l2tp/l2tp_ppp.c
++++ b/net/l2tp/l2tp_ppp.c
+@@ -1351,7 +1351,7 @@ static int pppol2tp_setsockopt(struct so
+ int err;
+
+ if (level != SOL_PPPOL2TP)
+- return udp_prot.setsockopt(sk, level, optname, optval, optlen);
++ return -EINVAL;
+
+ if (optlen < sizeof(int))
+ return -EINVAL;
+@@ -1477,7 +1477,7 @@ static int pppol2tp_getsockopt(struct so
+ struct pppol2tp_session *ps;
+
+ if (level != SOL_PPPOL2TP)
+- return udp_prot.getsockopt(sk, level, optname, optval, optlen);
++ return -EINVAL;
+
+ if (get_user(len, (int __user *) optlen))
+ return -EFAULT;
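Review bot: Both replaced lines now return -EINVAL for every option level other than SOL_PPPOL2TP; -ENOPROTOOPT is the more conventional errno for an unsupported level, but the backport should keep -EINVAL because that is what the upstream commit named in the Origin line returns, and a stable backport should not diverge from mainline behaviour. The choice is at least consistent within the function, since the existing `if (optlen < sizeof(int)) return -EINVAL;` check immediately after the first replacement already uses it. On documentation, the patch header carries Origin, Subject and the sign-off trail but no reference to CVE-2014-4943, which appears only in the changelog; adding the CVE identifier to the header lets anyone reading debian/patches on its own tie the fix to the advisory.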
Modified: dists/wheezy-security/linux/debian/patches/series
==============================================================================
--- dists/wheezy-security/linux/debian/patches/series Tue Jul 22 21:55:20 2014 (r21615)
+++ dists/wheezy-security/linux/debian/patches/series Tue Jul 22 23:12:04 2014 (r21616)
@@ -1140,3 +1140,4 @@
bugfix/all/revert-net-ipv4-ip_forward-fix-inverted-local_df-tes.patch
bugfix/all/revert-net-ip-ipv6-handle-gso-skbs-in-forwarding-pat.patch
+bugfix/all/net-l2tp-don-t-fall-back-on-UDP-get-set-sockopt.patch
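Review bot: The series entry appends the new patch at the end of the file and its path matches the file added in this revision, so the only check worth doing before upload is that the patch still applies cleanly after the two revert patches listed immediately above it, since the series is applied in order.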