Author: dannf
Date: Tue Dec 5 10:13:26 2006
New Revision: 7935
Added:
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/bridge-get_fdb_entries-overflow.dpatch
Modified:
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge6
Log:
* bridge-get_fdb_entries-overflow.dpatch
Protect against possible overflow in get_fdb_entries
See CVE-2006-5751
Modified:
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
==============================================================================
---
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
(original)
+++
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
Tue Dec 5 10:13:26 2006
@@ -33,8 +33,11 @@
Honor uid, gid and mode mount options for smbfs even when unix extensions
are enabled
See CVE-2006-5871
+ * bridge-get_fdb_entries-overflow.dpatch
+ Protect against possible overflow in get_fdb_entries
+ See CVE-2006-5751
- -- dann frazier <[EMAIL PROTECTED]> Sun, 3 Dec 2006 16:14:55 -0700
+ -- dann frazier <[EMAIL PROTECTED]> Mon, 4 Dec 2006 19:11:05 -0700
kernel-source-2.6.8 (2.6.8-16sarge5) stable-security; urgency=high
Added:
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/bridge-get_fdb_entries-overflow.dpatch
==============================================================================
--- (empty file)
+++
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/bridge-get_fdb_entries-overflow.dpatch
Tue Dec 5 10:13:26 2006
@@ -0,0 +1,36 @@
+From: Chris Wright <[EMAIL PROTECTED]>
+Date: Mon, 20 Nov 2006 23:02:49 +0000 (-0800)
+Subject: [PATCH] bridge: fix possible overflow in get_fdb_entries
+X-Git-Tag: v2.6.19
+X-Git-Url:
http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=ba8379b220509e9448c00a77cf6c15ac2a559cc7
+
+[PATCH] bridge: fix possible overflow in get_fdb_entries
+
+Make sure to properly clamp maxnum to avoid overflow
+
+Signed-off-by: Chris Wright <[EMAIL PROTECTED]>
+Acked-by: Eugene Teo <[EMAIL PROTECTED]>
+Acked-by: Marcel Holtmann <[EMAIL PROTECTED]>
+Signed-off-by: Linus Torvalds <[EMAIL PROTECTED]>
+---
+
+--- a/net/bridge/br_ioctl.c
++++ b/net/bridge/br_ioctl.c
+@@ -58,12 +58,13 @@ static int get_fdb_entries(struct net_br
+ {
+ int num;
+ void *buf;
+- size_t size = maxnum * sizeof(struct __fdb_entry);
++ size_t size;
+
+- if (size > PAGE_SIZE) {
+- size = PAGE_SIZE;
++ /* Clamp size to PAGE_SIZE, test maxnum to avoid overflow */
++ if (maxnum > PAGE_SIZE/sizeof(struct __fdb_entry))
+ maxnum = PAGE_SIZE/sizeof(struct __fdb_entry);
+- }
++
++ size = maxnum * sizeof(struct __fdb_entry);
+
+ buf = kmalloc(size, GFP_USER);
+ if (!buf)
Modified:
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge6
==============================================================================
---
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge6
(original)
+++
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge6
Tue Dec 5 10:13:26 2006
@@ -6,3 +6,4 @@
+ ppc-alignment-exception-table-check.dpatch
+ s390-uaccess-memleak.dpatch
+ smbfs-honor-mount-opts.dpatch
++ bridge-get_fdb_entries-overflow.dpatch
_______________________________________________
Kernel-svn-changes mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/kernel-svn-changes
