
Contents of /genpatches-2.6/tags/2.6.15-2/1100_netlink-rcv-skb-dos.patch



Revision 259
Wed Jan 11 21:46:01 2006 UTC (8 years, 8 months ago) by dsd
File size: 961 byte(s)
2.6.15-2 release
1 From nobody Mon Sep 17 00:00:00 2001
2 From: Martin Murray <murrayma@citi.umich.edu>
3 Date: Tue, 10 Jan 2006 21:02:29 +0000 (-0800)
4 Subject: [AF_NETLINK]: Fix DoS in netlink_rcv_skb() (CVE-2006-0035)
5
6 Sanity check nlmsg_len during netlink_rcv_skb. An nlmsg_len == 0 can
7 cause infinite loop in kernel, effectively DoSing machine. Noted by
8 Martin Murray.
9
10 Signed-off-by: Chris Wright <chrisw@sous-sol.org>
11 Signed-off-by: David S. Miller <davem@davemloft.net>
12 ---
13 net/netlink/af_netlink.c | 2 +-
14 1 file changed, 1 insertion(+), 1 deletion(-)
15
16 --- linux-2.6.15.y.orig/net/netlink/af_netlink.c
17 +++ linux-2.6.15.y/net/netlink/af_netlink.c
18 @@ -1422,7 +1422,7 @@ static int netlink_rcv_skb(struct sk_buf
19 while (skb->len >= nlmsg_total_size(0)) {
20 nlh = (struct nlmsghdr *) skb->data;
21
22 - if (skb->len < nlh->nlmsg_len)
23 + if (nlh->nlmsg_len < NLMSG_HDRLEN || skb->len < nlh->nlmsg_len)
24 return 0;
25
26 total_len = min(NLMSG_ALIGN(nlh->nlmsg_len), skb->len);
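
Review bot: the new lower bound on the `+` line returns 0 through the same path as the existing short-skb case, so a malformed header (nlmsg_len below NLMSG_HDRLEN) is indistinguishable to the caller from a truncated message and leaves no trace. Consider whether this branch should report an error, and at minimum add a comment above the check explaining why the bound is needed: with nlmsg_len == 0, `total_len = min(NLMSG_ALIGN(nlh->nlmsg_len), skb->len)` evaluates to 0, which is the non-advancing loop the commit message describes. As a style point, the loop guard spells the header size as `nlmsg_total_size(0)` while the new check uses `NLMSG_HDRLEN`; using one form in both places would make the invariant easier to audit.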
