Gentoo Archives: gentoo-commits

From: "Tom Wijsman (tomwij)" <tomwij@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] linux-patches r2296 - in genpatches-2.6/trunk: 3.5 3.6
Date: Thu, 28 Feb 2013 20:36:13
Message-Id: 20130228203608.C55F52171D@flycatcher.gentoo.org
1 Author: tomwij
2 Date: 2013-02-28 20:35:05 +0000 (Thu, 28 Feb 2013)
3 New Revision: 2296
4
5 Added:
6 genpatches-2.6/trunk/3.5/1500_sock-diag-out-of-bounds.patch
7 genpatches-2.6/trunk/3.6/1500_sock-diag-out-of-bounds.patch
8 Modified:
9 genpatches-2.6/trunk/3.5/0000_README
10 genpatches-2.6/trunk/3.6/0000_README
11 Log:
12 Backport of 1500_sock-diag-out-of-bounds.patch to branches 3.5 and 3.6, bug #459124. - (CVE-2013-1763) sock_diag: Fix out-of-bounds access to sock_diag_handlers[]
13
14 Modified: genpatches-2.6/trunk/3.5/0000_README
15 ===================================================================
16 --- genpatches-2.6/trunk/3.5/0000_README 2013-02-28 20:10:34 UTC (rev 2295)
17 +++ genpatches-2.6/trunk/3.5/0000_README 2013-02-28 20:35:05 UTC (rev 2296)
18 @@ -68,6 +68,10 @@
19 From: http://www.kernel.org
20 Desc: Linux 3.5.7
21
22 +Patch: 1500_sock-diag-out-of-bounds.patch
23 +From: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=commit;h=314561f4fe77ffad1b560a10cdfb3b6fdc731a74
24 +Desc: (CVE-2013-1763) sock_diag: Fix out-of-bounds access to sock_diag_handlers[]
25 +
26 Patch: 2400_kcopy-patch-for-infiniband-driver.patch
27 From: Alexey Shvetsov <alexxy@g.o>
28 Desc: Zero copy for infiniband psm userspace driver
29
30 Added: genpatches-2.6/trunk/3.5/1500_sock-diag-out-of-bounds.patch
31 ===================================================================
32 --- genpatches-2.6/trunk/3.5/1500_sock-diag-out-of-bounds.patch (rev 0)
33 +++ genpatches-2.6/trunk/3.5/1500_sock-diag-out-of-bounds.patch 2013-02-28 20:35:05 UTC (rev 2296)
34 @@ -0,0 +1,16 @@
35 +X-Git-Url: http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Fstable%2Flinux-stable.git;a=blobdiff_plain;f=net%2Fcore%2Fsock_diag.c;h=750f44f3aa3117b578af1377ff07abb79032a612;hp=602cd637182ebb321af6773d2ccfe9a8945d44c5;hb=314561f4fe77ffad1b560a10cdfb3b6fdc731a74;hpb=ca2656dccef64c437d6717468bffd3762b11816e
36 +
37 +diff --git a/net/core/sock_diag.c b/net/core/sock_diag.c
38 +index 602cd63..750f44f 100644
39 +--- a/net/core/sock_diag.c
40 ++++ b/net/core/sock_diag.c
41 +@@ -121,6 +121,9 @@ static int __sock_diag_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
42 + if (nlmsg_len(nlh) < sizeof(*req))
43 + return -EINVAL;
44 +
45 ++ if (req->sdiag_family >= AF_MAX)
46 ++ return -EINVAL;
47 ++
48 + hndl = sock_diag_lock_handler(req->sdiag_family);
49 + if (hndl == NULL)
50 + err = -ENOENT;
51
52 Modified: genpatches-2.6/trunk/3.6/0000_README
53 ===================================================================
54 --- genpatches-2.6/trunk/3.6/0000_README 2013-02-28 20:10:34 UTC (rev 2295)
55 +++ genpatches-2.6/trunk/3.6/0000_README 2013-02-28 20:35:05 UTC (rev 2296)
56 @@ -83,6 +83,10 @@
57 From: http://www.kernel.org
58 Desc: Linux 3.6.11
59
60 +Patch: 1500_sock-diag-out-of-bounds.patch
61 +From: http://git.kernel.org/?p=linux/kernel/git/stable/linux-stable.git;a=commit;h=314561f4fe77ffad1b560a10cdfb3b6fdc731a74
62 +Desc: (CVE-2013-1763) sock_diag: Fix out-of-bounds access to sock_diag_handlers[]
63 +
64 Patch: 2400_kcopy-patch-for-infiniband-driver.patch
65 From: Alexey Shvetsov <alexxy@g.o>
66 Desc: Zero copy for infiniband psm userspace driver
67
68 Added: genpatches-2.6/trunk/3.6/1500_sock-diag-out-of-bounds.patch
69 ===================================================================
70 --- genpatches-2.6/trunk/3.6/1500_sock-diag-out-of-bounds.patch (rev 0)
71 +++ genpatches-2.6/trunk/3.6/1500_sock-diag-out-of-bounds.patch 2013-02-28 20:35:05 UTC (rev 2296)
72 @@ -0,0 +1,16 @@
73 +X-Git-Url: http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Fstable%2Flinux-stable.git;a=blobdiff_plain;f=net%2Fcore%2Fsock_diag.c;h=750f44f3aa3117b578af1377ff07abb79032a612;hp=602cd637182ebb321af6773d2ccfe9a8945d44c5;hb=314561f4fe77ffad1b560a10cdfb3b6fdc731a74;hpb=ca2656dccef64c437d6717468bffd3762b11816e
74 +
75 +diff --git a/net/core/sock_diag.c b/net/core/sock_diag.c
76 +index 602cd63..750f44f 100644
77 +--- a/net/core/sock_diag.c
78 ++++ b/net/core/sock_diag.c
79 +@@ -121,6 +121,9 @@ static int __sock_diag_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
80 + if (nlmsg_len(nlh) < sizeof(*req))
81 + return -EINVAL;
82 +
83 ++ if (req->sdiag_family >= AF_MAX)
84 ++ return -EINVAL;
85 ++
86 + hndl = sock_diag_lock_handler(req->sdiag_family);
87 + if (hndl == NULL)
88 + err = -ENOENT;