
Contents of /hardened/2.6/tags/2.6.18-5/1500_cvs-2007-1000.patch



Revision 896 - (show annotations) (download)
Fri Mar 16 13:33:35 2007 UTC (7 years, 6 months ago) by phreak
File size: 1593 byte(s)
Tagging hardened-patches-2.6.18-5.
1 From: David S. Miller <davem@sunset.davemloft.net>
2 Date: Wed, 7 Mar 2007 20:50:46 +0000 (-0800)
3 Subject: IPV6: Handle np->opt being NULL in ipv6_getsockopt_sticky() [CVE-2007-1000]
4 X-Git-Tag: v2.6.20.2~1
5 X-Git-Url: http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Fstable%2Flinux-2.6.20.y.git;a=commitdiff_plain;h=4c9ef074b33690981d81ab0107fe2573007083ef
6
7 IPV6: Handle np->opt being NULL in ipv6_getsockopt_sticky() [CVE-2007-1000]
8
9 This fixes http://bugzilla.kernel.org/show_bug.cgi?id=8134
10
11 Signed-off-by: David S. Miller <davem@davemloft.net>
12 Signed-off-by: Chris Wright <chrisw@sous-sol.org>
13 ---
14
15 Index: linux-2.6.18/net/ipv6/ipv6_sockglue.c
16 ===================================================================
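--- a/net/ipv6/ipv6_sockglue.c
+++ b/net/ipv6/ipv6_sockglue.c
@@ -782,11 +782,15 @@ int compat_ipv6_setsockopt(struct sock *
 EXPORT_SYMBOL(compat_ipv6_setsockopt);
 #endif
 
-static int ipv6_getsockopt_sticky(struct sock *sk, struct ipv6_opt_hdr *hdr,
+static int ipv6_getsockopt_sticky(struct sock *sk, struct ipv6_txoptions *opt,
 char __user *optval, int len)
 {
- if (!hdr)
+ struct ipv6_opt_hdr *hdr;
+
+ if (!opt || !opt->hopopt)
 return 0;
+ hdr = opt->hopopt;
+
 len = min_t(int, len, ipv6_optlen(hdr));
 if (copy_to_user(optval, hdr, ipv6_optlen(hdr)))
 return -EFAULT;
@@ -926,7 +930,7 @@ static int do_ipv6_getsockopt(struct soc
 {
 
 lock_sock(sk);
- len = ipv6_getsockopt_sticky(sk, np->opt->hopopt,
+ len = ipv6_getsockopt_sticky(sk, np->opt,
 optval, len);
 release_sock(sk);
 return put_user(len, optlen);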
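Review bot: The `copy_to_user()` call in `ipv6_getsockopt_sticky()` still copies `ipv6_optlen(hdr)` bytes even though `len` was clamped to the caller's buffer size on the line just above it, so a caller that passes a short `optval` buffer has more bytes written into its memory than it asked for. The copy length should be the clamped value: `if (copy_to_user(optval, hdr, len))`. Both lines are unchanged context in the first hunk, so this patch leaves the over-copy in place next to the NULL check it adds, and the function body continues past the end of the hunk. A negative `len` also passes through `min_t(int, ...)` unchanged; whether `do_ipv6_getsockopt()` rejects it before this call is not visible here and is worth confirming.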
