This is a note to let you know that I've just added the patch titled
econet: 4 byte infoleak to the network
to the 2.6.38-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
econet-4-byte-infoleak-to-the-network.patch
and it can be found in the queue-2.6.38 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <[email protected]> know about it.
>From 67c5c6cb8129c595f21e88254a3fc6b3b841ae8e Mon Sep 17 00:00:00 2001
From: Vasiliy Kulikov <[email protected]>
Date: Thu, 17 Mar 2011 01:40:10 +0000
Subject: econet: 4 byte infoleak to the network
From: Vasiliy Kulikov <[email protected]>
commit 67c5c6cb8129c595f21e88254a3fc6b3b841ae8e upstream.
struct aunhdr has 4 padding bytes between 'pad' and 'handle' fields on
x86_64. These bytes are not initialized in the variable 'ah' before
sending 'ah' to the network. This leads to 4 bytes kernel stack
infoleak.
This bug was introduced before the git epoch.
Signed-off-by: Vasiliy Kulikov <[email protected]>
Acked-by: Phil Blundell <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
net/econet/af_econet.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/net/econet/af_econet.c
+++ b/net/econet/af_econet.c
@@ -435,10 +435,10 @@ static int econet_sendmsg(struct kiocb *
udpdest.sin_addr.s_addr = htonl(network | addr.station);
}
+ memset(&ah, 0, sizeof(ah));
ah.port = port;
ah.cb = cb & 0x7f;
ah.code = 2; /* magic */
- ah.pad = 0;
/* tack our header on the front of the iovec */
size = sizeof(struct aunhdr);
Patches currently in stable-queue which might be from [email protected] are
queue-2.6.38/econet-4-byte-infoleak-to-the-network.patch
queue-2.6.38/scsi_transport_iscsi-make-priv_sess-file-writeable-only-by-root.patch
queue-2.6.38/drivers-leds-leds-lp5521.c-world-writable-sysfs-engine-files.patch
queue-2.6.38/drivers-rtc-rtc-ds1511.c-world-writable-sysfs-nvram-file.patch
queue-2.6.38/mfd-ab3500-world-writable-debugfs-register-files.patch
queue-2.6.38/drivers-misc-ep93xx_pwm.c-world-writable-sysfs-files.patch
queue-2.6.38/bluetooth-bnep-fix-buffer-overflow.patch
queue-2.6.38/ipv6-netfilter-ip6_tables-fix-infoleak-to-userspace.patch
queue-2.6.38/mfd-ab3100-world-writable-debugfs-_priv-files.patch
queue-2.6.38/bridge-netfilter-fix-information-leak.patch
queue-2.6.38/mfd-ab8500-world-writable-debugfs-register-files.patch
queue-2.6.38/netfilter-ip_tables-fix-infoleak-to-userspace.patch
queue-2.6.38/netfilter-ipt_clusterip-fix-buffer-overflow.patch
queue-2.6.38/drivers-leds-leds-lp5523.c-world-writable-engine-sysfs-files.patch
queue-2.6.38/netfilter-arp_tables-fix-infoleak-to-userspace.patch
queue-2.6.38/bluetooth-sco-fix-information-leak-to-userspace.patch
_______________________________________________
stable mailing list
[email protected]
http://linux.kernel.org/mailman/listinfo/stable
