[Pkg-voip-commits] r6507 - in /zaptel/trunk/debian: changelog patches/fix_sync_validation patches/series
tzafrir-guest at alioth.debian.org
tzafrir-guest at alioth.debian.org
Tue Nov 25 21:39:35 UTC 2008
Author: tzafrir-guest
Date: Tue Nov 25 21:39:35 2008
New Revision: 6507
URL: http://svn.debian.org/wsvn/pkg-voip/?sc=1&rev=6507
Log:
Patch fix_sync_validation: Better ioctl input validation.
Added:
zaptel/trunk/debian/patches/fix_sync_validation
Modified:
zaptel/trunk/debian/changelog
zaptel/trunk/debian/patches/series
Modified: zaptel/trunk/debian/changelog
URL: http://svn.debian.org/wsvn/pkg-voip/zaptel/trunk/debian/changelog?rev=6507&op=diff
==============================================================================
--- zaptel/trunk/debian/changelog (original)
+++ zaptel/trunk/debian/changelog Tue Nov 25 21:39:35 2008
@@ -1,3 +1,9 @@
+zaptel (1:1.4.11~dfsg-4) UNRELEASED; urgency=low
+
+ * Patch fix_sync_validation: Better ioctl input validation.
+
+ -- Tzafrir Cohen <tzafrir.cohen at xorcom.com> Tue, 25 Nov 2008 23:33:00 +0200
+
zaptel (1:1.4.11~dfsg-3) unstable; urgency=low
* zaptel.init: exit on a different condition: Nicer handling of ztdummy.
Added: zaptel/trunk/debian/patches/fix_sync_validation
URL: http://svn.debian.org/wsvn/pkg-voip/zaptel/trunk/debian/patches/fix_sync_validation?rev=6507&op=file
==============================================================================
--- zaptel/trunk/debian/patches/fix_sync_validation (added)
+++ zaptel/trunk/debian/patches/fix_sync_validation Tue Nov 25 21:39:35 2008
@@ -1,0 +1,55 @@
+Don't trust input coming from the field 'sync' in the ioctl
+ZT_SPANCONFIG (e.g. the span "timing" in zaptel.conf)
+
+Upstream issue: http://bugs.digium.com/view.php?id=13954
+
+--- a/kernel/torisa.c
++++ b/kernel/torisa.c
+@@ -604,6 +604,11 @@ static int torisa_spanconfig(struct zt_s
+ if (debug)
+ printk("TorISA: Configuring span %d\n", span->spanno);
+
++ if ((lc->sync < 0) || (lc->sync >= 2)) {
++ printk(KERN_WARNING "%s %d: invalid span timing value %d.\n",
++ THIS_MODULE->name, span->spanno, lc->sync);
++ return -EINVAL;
++ }
+ span->syncsrc = syncsrc;
+
+ /* remove this span number from the current sync sources, if there */
+--- a/kernel/wcte11xp.c
++++ b/kernel/wcte11xp.c
+@@ -947,7 +947,7 @@ static int t1xxp_spanconfig(struct zt_sp
+ struct t1 *wc = span->pvt;
+
+ /* Do we want to SYNC on receive or not */
+- wc->sync = lc->sync;
++ wc->sync = (lc->sync) ? 1 : 0;
+ /* If already running, apply changes immediately */
+ if (span->flags & ZT_FLAG_RUNNING)
+ return t1xxp_startup(span);
+--- a/kernel/tor2.c
++++ b/kernel/tor2.c
+@@ -203,6 +203,11 @@ static int tor2_spanconfig(struct zt_spa
+ if (debug)
+ printk("Tor2: Configuring span %d\n", span->spanno);
+
++ if ((lc->sync < 0) || (lc->sync >= SPANS_PER_CARD)) {
++ printk(KERN_WARNING "%s %d: invalid span timing value %d.\n",
++ THIS_MODULE->name, span->spanno, lc->sync);
++ return -EINVAL;
++ }
+ span->syncsrc = p->tor->syncsrc;
+
+ /* remove this span number from the current sync sources, if there */
+--- a/kernel/wct1xxp.c
++++ b/kernel/wct1xxp.c
+@@ -739,7 +739,7 @@ static int t1xxp_spanconfig(struct zt_sp
+ struct t1xxp *wc = span->pvt;
+
+ /* Do we want to SYNC on receive or not */
+- wc->sync = lc->sync;
++ wc->sync = (lc->sync) ? 1 : 0;
+ /* If already running, apply changes immediately */
+ if (span->flags & ZT_FLAG_RUNNING)
+ return t1xxp_startup(span);
Modified: zaptel/trunk/debian/patches/series
URL: http://svn.debian.org/wsvn/pkg-voip/zaptel/trunk/debian/patches/series?rev=6507&op=diff
==============================================================================
--- zaptel/trunk/debian/patches/series (original)
+++ zaptel/trunk/debian/patches/series Tue Nov 25 21:39:35 2008
@@ -15,3 +15,4 @@
headers_2627
vzaphfc_proc_root_dir
wcte12xp_flags
+fix_sync_validation
More information about the Pkg-voip-commits
mailing list