Author: dannf Date: Tue Dec 4 21:07:43 2007 New Revision: 9888 Log: * bugfix/isdn-net-overflow.patch [SECURITY] Fix potential overflows in the ISDN subsystem See CVE-2007-6063
Added: dists/etch-security/linux-2.6/debian/patches/bugfix/isdn-net-overflow.patch dists/etch-security/linux-2.6/debian/patches/series/13etch6 Modified: dists/etch-security/linux-2.6/debian/changelog Modified: dists/etch-security/linux-2.6/debian/changelog ============================================================================== --- dists/etch-security/linux-2.6/debian/changelog (original) +++ dists/etch-security/linux-2.6/debian/changelog Tue Dec 4 21:07:43 2007 @@ -1,3 +1,11 @@ +linux-2.6 (2.6.18.dfsg.1-13etch6) UNRELEASED; urgency=low + + * bugfix/isdn-net-overflow.patch + [SECURITY] Fix potential overflows in the ISDN subsystem + See CVE-2007-6063 + + -- dann frazier <[EMAIL PROTECTED]> Tue, 04 Dec 2007 11:48:54 -0700 + linux-2.6 (2.6.18.dfsg.1-13etch5) stable-security; urgency=high * bugfix/sysfs_readdir-NULL-deref-1.patch, Added: dists/etch-security/linux-2.6/debian/patches/bugfix/isdn-net-overflow.patch ============================================================================== --- (empty file) +++ dists/etch-security/linux-2.6/debian/patches/bugfix/isdn-net-overflow.patch Tue Dec 4 21:07:43 2007 
@@ -0,0 +1,54 @@
+From: Karsten Keil <[EMAIL PROTECTED]>
+Date: Thu, 22 Nov 2007 11:43:13 +0000 (+0100)
+Subject: isdn: avoid copying overly-long strings
+X-Git-Tag: v2.6.24-rc4~110
+X-Git-Url: http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Ftorvalds%2Flinux-2.6.git;a=commitdiff_plain;h=0f13864e5b24d9cbe18d125d41bfa4b726a82e40
+
+isdn: avoid copying overly-long strings
+
+Addresses http://bugzilla.kernel.org/show_bug.cgi?id=9416
+
+Signed-off-by: Karsten Keil <[EMAIL PROTECTED]>
+Signed-off-by: Andrew Morton <[EMAIL PROTECTED]>
+Signed-off-by: Linus Torvalds <[EMAIL PROTECTED]>
+---
+
+diff -urpN linux-source-2.6.18.orig/drivers/isdn/i4l/isdn_net.c linux-source-2.6.18/drivers/isdn/i4l/isdn_net.c
+--- linux-source-2.6.18.orig/drivers/isdn/i4l/isdn_net.c 2006-09-19 21:42:06.000000000 -0600
++++ linux-source-2.6.18/drivers/isdn/i4l/isdn_net.c 2007-12-04 09:39:24.000000000 -0700
+@@ -2125,7 +2125,7 @@ isdn_net_find_icall(int di, int ch, int
+ u_long flags;
+ isdn_net_dev *p;
+ isdn_net_phone *n;
+- char nr[32];
++ char nr[ISDN_MSNLEN];
+ char *my_eaz;
+
+ /* Search name in netdev-chain */
+@@ -2134,7 +2134,7 @@ isdn_net_find_icall(int di, int ch, int
+ nr[1] = '\0';
+ printk(KERN_INFO "isdn_net: Incoming call without OAD, assuming '0'\n");
+ } else
+- strcpy(nr, setup->phone);
++ strlcpy(nr, setup->phone, ISDN_MSNLEN);
+ si1 = (int) setup->si1;
+ si2 = (int) setup->si2;
+ if (!setup->eazmsn[0]) {
+@@ -2803,7 +2803,7 @@ isdn_net_setcfg(isdn_net_ioctl_cfg * cfg
+ chidx = -1;
+ }
+ }
+- strcpy(lp->msn, cfg->eaz);
++ strlcpy(lp->msn, cfg->eaz, sizeof(lp->msn));
+ lp->pre_device = drvidx;
+ lp->pre_channel = chidx;
+ lp->onhtime = cfg->onhtime;
+@@ -2952,7 +2952,7 @@ isdn_net_addphone(isdn_net_ioctl_phone *
+ if (p) {
+ if (!(n = (isdn_net_phone *) kmalloc(sizeof(isdn_net_phone), GFP_KERNEL)))
+ return -ENOMEM;
+- strcpy(n->num, phone->phone);
++ strlcpy(n->num, phone->phone, sizeof(n->num));
+ n->next = p->local->phone[phone->outgoing & 1];
+ p->local->phone[phone->outgoing & 1] = n;
+ return 0;
Added: dists/etch-security/linux-2.6/debian/patches/series/13etch6
==============================================================================
--- (empty file)
+++ dists/etch-security/linux-2.6/debian/patches/series/13etch6 Tue Dec 4 21:07:43 2007
@@ -0,0 +1 @@
++ bugfix/isdn-net-overflow.patch
_______________________________________________ Kernel-svn-changes mailing list [email protected] http://lists.alioth.debian.org/mailman/listinfo/kernel-svn-changes
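Review bot: The bound in `strlcpy(nr, setup->phone, ISDN_MSNLEN);` in the second isdn_net_find_icall hunk repeats the macro instead of naming the destination, unlike the `sizeof(lp->msn)` and `sizeof(n->num)` forms used in the two later hunks. `strlcpy(nr, setup->phone, sizeof(nr));` would keep the limit tied to the array if the declaration of `nr` in the first hunk is changed again. The function body starts before and continues after both hunks.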
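Review bot: strlcpy() limits the write into `lp->msn` in the isdn_net_setcfg hunk, but it still measures the source with strlen(), so a `cfg->eaz` that lacks a terminating NUL is read past its end; the same holds for `phone->phone` in the isdn_net_addphone hunk and `setup->phone` in isdn_net_find_icall. The parameter types isdn_net_ioctl_cfg and isdn_net_ioctl_phone suggest these fields are supplied by an ioctl caller, but the code that fills them is outside the hunks, so this should be confirmed there. If nothing upstream terminates them, force it before the copy, for an array member e.g. `cfg->eaz[sizeof(cfg->eaz) - 1] = '\0';`, or reject the request with -EINVAL when `memchr()` finds no NUL in the field.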
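Review bot: A number longer than `n->num` is now shortened and stored without the caller being told, because the return value of strlcpy() in the isdn_net_addphone hunk is discarded. Since strlcpy() returns the length of the source, the function could refuse the entry instead: `if (strlcpy(n->num, phone->phone, sizeof(n->num)) >= sizeof(n->num)) { kfree(n); return -EINVAL; }`. Whether `phone->phone` can actually exceed `n->num` depends on declarations outside the hunk, and the same question applies to `cfg->eaz` and `lp->msn` in isdn_net_setcfg. The function starts and ends outside the hunk.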

