[linux] 02/02: rds: fix an infoleak in rds_inc_info_copy (CVE-2016-5244)
debian-kernel at lists.debian.org
debian-kernel at lists.debian.org
Sat Jun 11 05:27:13 UTC 2016
This is an automated email from the git hooks/post-receive script.
carnil pushed a commit to branch sid
in repository linux.
commit 95cba203d5ae5e9081db77344412b73b79979b71
Author: Salvatore Bonaccorso <carnil at debian.org>
Date: Sat Jun 11 07:25:07 2016 +0200
rds: fix an infoleak in rds_inc_info_copy (CVE-2016-5244)
---
debian/changelog | 1 +
.../rds-fix-an-infoleak-in-rds_inc_info_copy.patch | 31 ++++++++++++++++++++++
debian/patches/series | 1 +
3 files changed, 33 insertions(+)
diff --git a/debian/changelog b/debian/changelog
index 22c1515..54aba50 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -123,6 +123,7 @@ linux (4.6.2-1) UNRELEASED; urgency=medium
- ecryptfs: forbid opening files without mmap handler
- sched: panic on corrupted stack end
* tipc: fix an infoleak in tipc_nl_compat_link_dump (CVE-2016-5243)
+ * rds: fix an infoleak in rds_inc_info_copy (CVE-2016-5244)
-- Ben Hutchings <ben at decadent.org.uk> Thu, 09 Jun 2016 02:56:01 +0100
diff --git a/debian/patches/bugfix/all/rds-fix-an-infoleak-in-rds_inc_info_copy.patch b/debian/patches/bugfix/all/rds-fix-an-infoleak-in-rds_inc_info_copy.patch
new file mode 100644
index 0000000..fdc486b
--- /dev/null
+++ b/debian/patches/bugfix/all/rds-fix-an-infoleak-in-rds_inc_info_copy.patch
@@ -0,0 +1,31 @@
+From: Kangjie Lu <kangjielu at gmail.com>
+Date: Thu, 2 Jun 2016 04:11:20 -0400
+Subject: rds: fix an infoleak in rds_inc_info_copy
+Origin: https://git.kernel.org/linus/4116def2337991b39919f3b448326e21c40e0dbb
+
+The last field "flags" of object "minfo" is not initialized.
+Copying this object out may leak kernel stack data.
+Assign 0 to it to avoid leak.
+
+Signed-off-by: Kangjie Lu <kjlu at gatech.edu>
+Acked-by: Santosh Shilimkar <santosh.shilimkar at oracle.com>
+Signed-off-by: David S. Miller <davem at davemloft.net>
+---
+ net/rds/recv.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/net/rds/recv.c b/net/rds/recv.c
+index c0be1ec..8413f6c 100644
+--- a/net/rds/recv.c
++++ b/net/rds/recv.c
+@@ -561,5 +561,7 @@ void rds_inc_info_copy(struct rds_incoming *inc,
+ minfo.fport = inc->i_hdr.h_dport;
+ }
+
++ minfo.flags = 0;
++
+ rds_info_copy(iter, &minfo, sizeof(minfo));
+ }
+--
+2.8.1
+
diff --git a/debian/patches/series b/debian/patches/series
index 1977441..0a43fd7 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -111,6 +111,7 @@ bugfix/all/proc-prevent-stacking-filesystems-on-top.patch
bugfix/all/ecryptfs-forbid-opening-files-without-mmap-handler.patch
bugfix/all/sched-panic-on-corrupted-stack-end.patch
bugfix/all/tipc-fix-an-infoleak-in-tipc_nl_compat_link_dump.patch
+bugfix/all/rds-fix-an-infoleak-in-rds_inc_info_copy.patch
# Tools bug fixes
bugfix/all/usbip-document-tcp-wrappers.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/kernel/linux.git
More information about the Kernel-svn-changes
mailing list