This is a note to let you know that I've just added the patch titled
CAN: Use inode instead of kernel address for /proc file
to the 2.6.33-longterm tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/longterm/longterm-queue-2.6.33.git;a=summary
The filename of the patch is:
can-use-inode-instead-of-kernel-address-for-proc-file.patch
and it can be found in the queue-2.6.33 subdirectory.
If you, or anyone else, feels it should not be added to the 2.6.33 longterm
tree,
please let <[email protected]> know about it.
>From 9f260e0efa4766e56d0ac14f1aeea6ee5eb8fe83 Mon Sep 17 00:00:00 2001
From: Dan Rosenberg <[email protected]>
Date: Sun, 26 Dec 2010 06:54:53 +0000
Subject: CAN: Use inode instead of kernel address for /proc file
From: Dan Rosenberg <[email protected]>
commit 9f260e0efa4766e56d0ac14f1aeea6ee5eb8fe83 upstream.
Since the socket address is just being used as a unique identifier, its
inode number is an alternative that does not leak potentially sensitive
information.
CC-ing stable because MITRE has assigned CVE-2010-4565 to the issue.
Signed-off-by: Dan Rosenberg <[email protected]>
Acked-by: Oliver Hartkopp <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
Cc: Moritz Muehlenhoff <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
net/can/bcm.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/net/can/bcm.c
+++ b/net/can/bcm.c
@@ -117,7 +117,7 @@ struct bcm_sock {
struct list_head tx_ops;
unsigned long dropped_usr_msgs;
struct proc_dir_entry *bcm_proc_read;
- char procname [20]; /* pointer printed in ASCII with \0 */
+ char procname [32]; /* inode number in decimal with \0 */
};
static inline struct bcm_sock *bcm_sk(const struct sock *sk)
@@ -1506,7 +1506,7 @@ static int bcm_connect(struct socket *so
if (proc_dir) {
/* unique socket address as filename */
- sprintf(bo->procname, "%p", sock);
+ sprintf(bo->procname, "%lu", sock_i_ino(sk));
bo->bcm_proc_read = proc_create_data(bo->procname, 0644,
proc_dir,
&bcm_proc_fops, sk);
Patches currently in longterm-queue-2.6.33 which might be from
[email protected] are
/home/gregkh/linux/longterm/longterm-queue-2.6.33/queue-2.6.33/sound-oss-remove-offset-from-load_patch-callbacks.patch
/home/gregkh/linux/longterm/longterm-queue-2.6.33/queue-2.6.33/rose-prevent-heap-corruption-with-bad-facilities.patch
/home/gregkh/linux/longterm/longterm-queue-2.6.33/queue-2.6.33/xfs-prevent-leaking-uninitialized-stack-memory-in-fsgeometry_v1.patch
/home/gregkh/linux/longterm/longterm-queue-2.6.33/queue-2.6.33/irda-prevent-heap-corruption-on-invalid-nickname.patch
/home/gregkh/linux/longterm/longterm-queue-2.6.33/queue-2.6.33/irda-validate-peer-name-and-attribute-lengths.patch
/home/gregkh/linux/longterm/longterm-queue-2.6.33/queue-2.6.33/sound-oss-opl3-validate-voice-and-channel-indexes.patch
/home/gregkh/linux/longterm/longterm-queue-2.6.33/queue-2.6.33/irda-prevent-integer-underflow-in-irlmp_enumdevices.patch
/home/gregkh/linux/longterm/longterm-queue-2.6.33/queue-2.6.33/can-use-inode-instead-of-kernel-address-for-proc-file.patch
_______________________________________________
stable mailing list
[email protected]
http://linux.kernel.org/mailman/listinfo/stable
