Author: dannf
Date: Thu Feb 14 04:22:44 2008
New Revision: 10540

Log:
* powerpc-chrp-null-deref.dpatch
  [SECURITY][powerpc] Fix NULL pointer dereference if get_property
  fails on the subarchitecture
  See CVE-2007-6694

Added: dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/powerpc-chrp-null-deref.dpatch Modified: dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-17sarge1 Modified: dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog ============================================================================== --- dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog (original) +++ dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog Thu Feb 14 04:22:44 2008 @@ -61,8 +61,12 @@ If userspace still has the device open it can result, the driver would wait for the device to close, blocking the USB subsystem. See CVE-2007-5093 + * powerpc-chrp-null-deref.dpatch + [SECURITY][powerpc] Fix NULL pointer dereference if get_property + fails on the subarchitecture + See CVE-2007-6694 - -- dann frazier <[EMAIL PROTECTED]> Wed, 13 Feb 2008 20:20:12 -0700 + -- dann frazier <[EMAIL PROTECTED]> Wed, 13 Feb 2008 21:18:45 -0700 kernel-source-2.6.8 (2.6.8-17) oldstable; urgency=high Added: dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/powerpc-chrp-null-deref.dpatch ============================================================================== --- (empty file) +++ dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/powerpc-chrp-null-deref.dpatch Thu Feb 14 04:22:44 2008 @@ -0,0 +1,49 @@ +commit 9ac71d00398674aaec664f30559f0a21d963862f +Author: Cyrill Gorcunov <[EMAIL PROTECTED]> +Date: Fri Nov 23 16:43:04 2007 +1100 + + [POWERPC] CHRP: Fix possible NULL pointer dereference + + This fixes a possible NULL pointer dereference inside of strncmp() if + of_get_property() fails. + + Signed-off-by: Cyrill Gorcunov <[EMAIL PROTECTED]> + 
Signed-off-by: Paul Mackerras <[EMAIL PROTECTED]> + +Backported to Debian's 2.6.8 by dann frazier <[EMAIL PROTECTED]> + +diff -urpN kernel-source-2.6.8.orig/arch/ppc/platforms/chrp_setup.c kernel-source-2.6.8/arch/ppc/platforms/chrp_setup.c +--- kernel-source-2.6.8.orig/arch/ppc/platforms/chrp_setup.c 2007-05-26 02:54:38.000000000 -0600 ++++ kernel-source-2.6.8/arch/ppc/platforms/chrp_setup.c 2008-02-13 20:40:08.000000000 -0700 +@@ -117,7 +117,7 @@ chrp_show_cpuinfo(struct seq_file *m) + seq_printf(m, "machine\t\t: CHRP %s\n", model); + + /* longtrail (goldengate) stuff */ +- if (!strncmp(model, "IBM,LongTrail", 13)) { ++ if (model && !strncmp(model, "IBM,LongTrail", 13)) { + /* VLSI VAS96011/12 `Golden Gate 2' */ + /* Memory banks */ + sdramen = (in_le32((unsigned *)(gg2_pci_config_base+ +@@ -206,14 +206,20 @@ static void __init sio_fixup_irq(const c + static void __init sio_init(void) + { + struct device_node *root; ++ const char *model; + +- if ((root = find_path_device("/")) && +- !strncmp(get_property(root, "model", NULL), "IBM,LongTrail", 13)) { ++ root = find_path_device("/"); ++ if (!root) ++ return; ++ ++ model = get_property(root, "model", NULL); ++ if (model && !strncmp(model, "IBM,LongTrail", 13)) { + /* logical device 0 (KBC/Keyboard) */ + sio_fixup_irq("keyboard", 0, 1, 2); + /* select logical device 1 (KBC/Mouse) */ + sio_fixup_irq("mouse", 1, 12, 2); + } ++ + } + + void pegasos_set_l2cr(void) Modified: dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-17sarge1 ============================================================================== --- dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-17sarge1 (original) +++ dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-17sarge1 Thu Feb 14 04:22:44 2008 
@@ -16,3 +16,4 @@ + hugetlb-prio_tree-unit-fix.dpatch + amd64-zero-extend-32bit-ptrace.dpatch + usb-pwc-disconnect-block.dpatch ++ powerpc-chrp-null-deref.dpatch
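
Review bot: in the chrp_show_cpuinfo hunk of the embedded chrp_setup.c patch, `model` is still handed to `seq_printf(m, "machine\t\t: CHRP %s\n", model)` in the context line directly above the new guard, so a failed property lookup reaches that call before `model &&` is ever tested. Either confirm that a NULL argument to `%s` is acceptable on that path, or test `model` once ahead of the seq_printf and print a fixed fallback string, which would also make the later strncmp() guard unnecessary.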
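
Review bot: the sio_init hunk adds an empty line (the lone `++`) immediately before the function's closing brace; it is whitespace unrelated to the fix and should be dropped from the backport. Separately, the quoted commit message names of_get_property() while the code in this tree calls get_property(); a short remark next to the "Backported to Debian's 2.6.8" line saying so would save the next reader from searching for a function that is not in the hunk.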