Patch "tools: hv: Netlink source address validation allows DoS" has been added to the 3.4-stable tree

Tue, 26 Mar 2013 13:28:19 -0700 

This is a note to let you know that I've just added the patch titled

    tools: hv: Netlink source address validation allows DoS

to the 3.4-stable tree which can be found at:
    
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     tools-hv-netlink-source-address-validation-allows-dos.patch
and it can be found in the queue-3.4 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <[email protected]> know about it.


>From 95a69adab9acfc3981c504737a2b6578e4d846ef Mon Sep 17 00:00:00 2001
From: Tomas Hozza <[email protected]>
Date: Thu, 8 Nov 2012 10:53:29 +0100
Subject: tools: hv: Netlink source address validation allows DoS

From: Tomas Hozza <[email protected]>

commit 95a69adab9acfc3981c504737a2b6578e4d846ef upstream.

The source code without this patch caused hypervkvpd to exit when it processed
a spoofed Netlink packet which has been sent from an untrusted local user.
Now Netlink messages with a non-zero nl_pid source address are ignored
and a warning is printed into the syslog.

Signed-off-by: Tomas Hozza <[email protected]>
Acked-by:  K. Y. Srinivasan <[email protected]>
Cc: Ben Hutchings <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>

---
 tools/hv/hv_kvp_daemon.c |    8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

--- a/tools/hv/hv_kvp_daemon.c
+++ b/tools/hv/hv_kvp_daemon.c
@@ -727,13 +727,19 @@ int main(void)
                len = recvfrom(fd, kvp_recv_buffer, sizeof(kvp_recv_buffer), 0,
                                addr_p, &addr_l);
 
-               if (len < 0 || addr.nl_pid) {
+               if (len < 0) {
                        syslog(LOG_ERR, "recvfrom failed; pid:%u error:%d %s",
                                        addr.nl_pid, errno, strerror(errno));
                        close(fd);
                        return -1;
                }
 
+               if (addr.nl_pid) {
+                       syslog(LOG_WARNING, "Received packet from untrusted 
pid:%u",
+                                       addr.nl_pid);
+                       continue;
+               }
+
                incoming_msg = (struct nlmsghdr *)kvp_recv_buffer;
                incoming_cn_msg = (struct cn_msg *)NLMSG_DATA(incoming_msg);
                hv_msg = (struct hv_kvp_msg *)incoming_cn_msg->data;


Patches currently in stable-queue which might be from [email protected] are

queue-3.4/tools-hv-netlink-source-address-validation-allows-dos.patch
--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Reply via email to