[linux] 01/01: tipc: check nl sock before parsing nested attributes (CVE-2016-4951)
debian-kernel at lists.debian.org
Sat May 21 14:55:04 UTC 2016
This is an automated email from the git hooks/post-receive script.
carnil pushed a commit to branch sid
in repository linux.
commit 342ba3d57d1f27c9cde461b27fb40a137ca0e75b
Author: Salvatore Bonaccorso <carnil at debian.org>
Date: Sat May 21 16:46:12 2016 +0200
tipc: check nl sock before parsing nested attributes (CVE-2016-4951)
---
debian/changelog | 7 +++++
...-nl-sock-before-parsing-nested-attributes.patch | 36 ++++++++++++++++++++++
debian/patches/series | 1 +
3 files changed, 44 insertions(+)
diff --git a/debian/changelog b/debian/changelog
index 84cdb02..5f83fb7 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+linux (4.5.4-2) UNRELEASED; urgency=medium
+
+ [ Salvatore Bonaccorso ]
+ * tipc: check nl sock before parsing nested attributes (CVE-2016-4951)
+
+ -- Salvatore Bonaccorso <carnil at debian.org> Sat, 21 May 2016 16:47:59 +0200
+
linux (4.5.4-1) unstable; urgency=medium
* New upstream stable update:
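Review bot: The changelog bullet for 4.5.4-2 names the CVE but not the impact. Consider adding that it fixes a NULL pointer dereference in tipc_nl_publ_dump(), as the patch description states, so the security relevance is visible from debian/changelog alone.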
diff --git a/debian/patches/bugfix/all/tipc-check-nl-sock-before-parsing-nested-attributes.patch b/debian/patches/bugfix/all/tipc-check-nl-sock-before-parsing-nested-attributes.patch
new file mode 100644
index 0000000..934147d
--- /dev/null
+++ b/debian/patches/bugfix/all/tipc-check-nl-sock-before-parsing-nested-attributes.patch
@@ -0,0 +1,36 @@
+From: Richard Alpe <richard.alpe at ericsson.com>
+Date: Mon, 16 May 2016 11:14:54 +0200
+Subject: tipc: check nl sock before parsing nested attributes
+Origin: https://git.kernel.org/linus/45e093ae2830cd1264677d47ff9a95a71f5d9f9c
+
+Make sure the socket for which the user is listing publication exists
+before parsing the socket netlink attributes.
+
+Prior to this patch a call without any socket caused a NULL pointer
+dereference in tipc_nl_publ_dump().
+
+Tested-and-reported-by: Baozeng Ding <sploving1 at gmail.com>
+Signed-off-by: Richard Alpe <richard.alpe at ericsson.com>
+Acked-by: Jon Maloy <jon.maloy at ericsson.cm>
+Signed-off-by: David S. Miller <davem at davemloft.net>
+---
+ net/tipc/socket.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/net/tipc/socket.c b/net/tipc/socket.c
+index 1262889..3b7a799 100644
+--- a/net/tipc/socket.c
++++ b/net/tipc/socket.c
+@@ -2853,6 +2853,9 @@ int tipc_nl_publ_dump(struct sk_buff *skb, struct netlink_callback *cb)
+ if (err)
+ return err;
+
++ if (!attrs[TIPC_NLA_SOCK])
++ return -EINVAL;
++
+ err = nla_parse_nested(sock, TIPC_NLA_SOCK_MAX,
+ attrs[TIPC_NLA_SOCK],
+ tipc_nl_sock_policy);
+--
+2.8.1
+
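Review bot: The added `if (!attrs[TIPC_NLA_SOCK])` check in tipc_nl_publ_dump() covers only the top-level attribute handed to nla_parse_nested(). The visible context does not show whether the nested entries parsed into sock[] are tested for presence before they are read, so please confirm the code following this call rejects a missing nested attribute with -EINVAL in the same way. The bare `return -EINVAL;` matches the existing `if (err) return err;` directly above it, so no cleanup path appears to be skipped. In the patch header, the Acked-by address ends in ericsson.cm while the other Ericsson addresses use ericsson.com; keep it only if that is what the upstream commit at the Origin URL carries.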
diff --git a/debian/patches/series b/debian/patches/series
index a89d5d3..69435f6 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -145,6 +145,7 @@ bugfix/all/do_splice_to-cap-the-size-before-passing-to-splice_r.patch
bugfix/all/crypto-hash-fix-page-length-clamping-in-hash-walk.patch
bugfix/all/get_rock_ridge_filename-handle-malformed-nm-entries.patch
bugfix/all/KVM-MTRR-remove-MSR-0x2f8.patch
+bugfix/all/tipc-check-nl-sock-before-parsing-nested-attributes.patch
# ABI maintenance
debian/ib-fix-abi-change-in-4.5.3.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/kernel/linux.git