[linux] 02/02: rds: fix an infoleak in rds_inc_info_copy (CVE-2016-5244)

debian-kernel at lists.debian.org debian-kernel at lists.debian.org
Sat Jun 11 05:27:13 UTC 2016 

This is an automated email from the git hooks/post-receive script.

carnil pushed a commit to branch sid
in repository linux.

commit 95cba203d5ae5e9081db77344412b73b79979b71
Author: Salvatore Bonaccorso <carnil at debian.org>
Date:   Sat Jun 11 07:25:07 2016 +0200

    rds: fix an infoleak in rds_inc_info_copy (CVE-2016-5244)
---
 debian/changelog                                   |  1 +
 .../rds-fix-an-infoleak-in-rds_inc_info_copy.patch | 31 ++++++++++++++++++++++
 debian/patches/series                              |  1 +
 3 files changed, 33 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index 22c1515..54aba50 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -123,6 +123,7 @@ linux (4.6.2-1) UNRELEASED; urgency=medium
     - ecryptfs: forbid opening files without mmap handler
     - sched: panic on corrupted stack end
   * tipc: fix an infoleak in tipc_nl_compat_link_dump (CVE-2016-5243)
+  * rds: fix an infoleak in rds_inc_info_copy (CVE-2016-5244)
 
  -- Ben Hutchings <ben at decadent.org.uk>  Thu, 09 Jun 2016 02:56:01 +0100
 
diff --git a/debian/patches/bugfix/all/rds-fix-an-infoleak-in-rds_inc_info_copy.patch b/debian/patches/bugfix/all/rds-fix-an-infoleak-in-rds_inc_info_copy.patch
new file mode 100644
index 0000000..fdc486b
--- /dev/null
+++ b/debian/patches/bugfix/all/rds-fix-an-infoleak-in-rds_inc_info_copy.patch
@@ -0,0 +1,31 @@
+From: Kangjie Lu <kangjielu at gmail.com>
+Date: Thu, 2 Jun 2016 04:11:20 -0400
+Subject: rds: fix an infoleak in rds_inc_info_copy
+Origin: https://git.kernel.org/linus/4116def2337991b39919f3b448326e21c40e0dbb
+
+The last field "flags" of object "minfo" is not initialized.
+Copying this object out may leak kernel stack data.
+Assign 0 to it to avoid leak.
+
+Signed-off-by: Kangjie Lu <kjlu at gatech.edu>
+Acked-by: Santosh Shilimkar <santosh.shilimkar at oracle.com>
+Signed-off-by: David S. Miller <davem at davemloft.net>
+---
+ net/rds/recv.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/net/rds/recv.c b/net/rds/recv.c
+index c0be1ec..8413f6c 100644
+--- a/net/rds/recv.c
++++ b/net/rds/recv.c
+@@ -561,5 +561,7 @@ void rds_inc_info_copy(struct rds_incoming *inc,
+ 		minfo.fport = inc->i_hdr.h_dport;
+ 	}
+ 
++	minfo.flags = 0;
++
+ 	rds_info_copy(iter, &minfo, sizeof(minfo));
+ }
+-- 
+2.8.1
+
diff --git a/debian/patches/series b/debian/patches/series
index 1977441..0a43fd7 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -111,6 +111,7 @@ bugfix/all/proc-prevent-stacking-filesystems-on-top.patch
 bugfix/all/ecryptfs-forbid-opening-files-without-mmap-handler.patch
 bugfix/all/sched-panic-on-corrupted-stack-end.patch
 bugfix/all/tipc-fix-an-infoleak-in-tipc_nl_compat_link_dump.patch
+bugfix/all/rds-fix-an-infoleak-in-rds_inc_info_copy.patch
 
 # Tools bug fixes
 bugfix/all/usbip-document-tcp-wrappers.patch

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/kernel/linux.git

More information about the Kernel-svn-changes mailing list