[linux] 01/01: net: fix infoleak in llc (CVE-2016-4485)

debian-kernel at lists.debian.org
Sun May 15 18:07:28 UTC 2016


This is an automated email from the git hooks/post-receive script.

carnil pushed a commit to branch sid
in repository linux.

commit 88ec3673ad65899031d62d8345ca9ea53f06becd
Author: Salvatore Bonaccorso <carnil at debian.org>
Date:   Sun May 15 20:02:19 2016 +0200

    net: fix infoleak in llc (CVE-2016-4485)
---
 debian/changelog                                   |  1 +
 .../bugfix/all/net-fix-infoleak-in-llc.patch       | 32 ++++++++++++++++++++++
 debian/patches/series                              |  1 +
 3 files changed, 34 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index 0194b04..1e9d7bc 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -103,6 +103,7 @@ linux (4.5.4-1) UNRELEASED; urgency=medium
 
   [ Salvatore Bonaccorso ]
   * KEYS: Fix ASN.1 indefinite length object parsing (CVE-2016-0758)
+  * net: fix infoleak in llc (CVE-2016-4485)
 
   [ Ben Hutchings ]
   * gencontrol.py: Fix implementation of [packages]tools config option,
diff --git a/debian/patches/bugfix/all/net-fix-infoleak-in-llc.patch b/debian/patches/bugfix/all/net-fix-infoleak-in-llc.patch
new file mode 100644
index 0000000..ab03436
--- /dev/null
+++ b/debian/patches/bugfix/all/net-fix-infoleak-in-llc.patch
@@ -0,0 +1,32 @@
+From b8670c09f37bdf2847cc44f36511a53afc6161fd Mon Sep 17 00:00:00 2001
+From: Kangjie Lu <kangjielu at gmail.com>
+Date: Tue, 3 May 2016 16:35:05 -0400
+Subject: [PATCH] net: fix infoleak in llc
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The stack object “info” has a total size of 12 bytes. Its last byte
+is padding which is not initialized and leaked via “put_cmsg”.
+
+Signed-off-by: Kangjie Lu <kjlu at gatech.edu>
+Signed-off-by: David S. Miller <davem at davemloft.net>
+---
+ net/llc/af_llc.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/net/llc/af_llc.c b/net/llc/af_llc.c
+index b3c52e3..8ae3ed9 100644
+--- a/net/llc/af_llc.c
++++ b/net/llc/af_llc.c
+@@ -626,6 +626,7 @@ static void llc_cmsg_rcv(struct msghdr *msg, struct sk_buff *skb)
+ 	if (llc->cmsg_flags & LLC_CMSG_PKTINFO) {
+ 		struct llc_pktinfo info;
+ 
++		memset(&info, 0, sizeof(info));
+ 		info.lpi_ifindex = llc_sk(skb->sk)->dev->ifindex;
+ 		llc_pdu_decode_dsap(skb, &info.lpi_sap);
+ 		llc_pdu_decode_da(skb, info.lpi_mac);
+-- 
+2.8.1
+
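Review bot: The memset added ahead of the lpi_ifindex assignment in llc_cmsg_rcv() carries no comment saying it is there to clear the padding byte of struct llc_pktinfo; only the commit message explains that. Because the context lines right after it assign lpi_ifindex, lpi_sap and lpi_mac, the call can read as a redundant store and be dropped or replaced by field-wise initialisation in a later cleanup, which would reintroduce the leak through put_cmsg. Suggest a one-line comment above it, for example `/* zero padding too: info is handed to put_cmsg */`, so the reason stays with the code.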
diff --git a/debian/patches/series b/debian/patches/series
index 65d8a3b..12b0f39 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -136,6 +136,7 @@ bugfix/all/bpf-fix-double-fdput-in-replace_map_fd_with_map_ptr.patch
 bugfix/all/bpf-fix-refcnt-overflow.patch
 bugfix/all/bpf-fix-check_map_func_compatibility-logic.patch
 bugfix/all/KEYS-Fix-ASN.1-indefinite-length-object-parsing.patch
+bugfix/all/net-fix-infoleak-in-llc.patch
 
 # ABI maintenance
 debian/ib-fix-abi-change-in-4.5.3.patch

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/kernel/linux.git


