
Contents of /genpatches-2.6/trunk/2.6.15/1100_netlink-rcv-skb-dos.patch



Revision 255
Wed Jan 11 21:15:20 2006 UTC (14 years, 7 months ago) by dsd
File MIME type: text/x-diff
File size: 961 byte(s)
Several patches from 2.6.15.1 queue
1 dsd 255 From nobody Mon Sep 17 00:00:00 2001
2     From: Martin Murray <murrayma@citi.umich.edu>
3     Date: Tue, 10 Jan 2006 21:02:29 +0000 (-0800)
4     Subject: [AF_NETLINK]: Fix DoS in netlink_rcv_skb() (CVE-2006-0035)
5    
6     Sanity check nlmsg_len during netlink_rcv_skb. An nlmsg_len == 0 can
7     cause infinite loop in kernel, effectively DoSing machine. Noted by
8     Martin Murray.
9    
10     Signed-off-by: Chris Wright <chrisw@sous-sol.org>
11     Signed-off-by: David S. Miller <davem@davemloft.net>
12     ---
13     net/netlink/af_netlink.c | 2 +-
14     1 file changed, 1 insertion(+), 1 deletion(-)
15    
16     --- linux-2.6.15.y.orig/net/netlink/af_netlink.c
17     +++ linux-2.6.15.y/net/netlink/af_netlink.c
18     @@ -1422,7 +1422,7 @@ static int netlink_rcv_skb(struct sk_buf
19     while (skb->len >= nlmsg_total_size(0)) {
20     nlh = (struct nlmsghdr *) skb->data;
21    
22     - if (skb->len < nlh->nlmsg_len)
23     + if (nlh->nlmsg_len < NLMSG_HDRLEN || skb->len < nlh->nlmsg_len)
24     return 0;
25    
26     total_len = min(NLMSG_ALIGN(nlh->nlmsg_len), skb->len);
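Review bot: The added `nlh->nlmsg_len < NLMSG_HDRLEN` test carries no comment explaining why it is needed, and the reason is easy to miss when reading the code alone: with nlmsg_len == 0, the following `total_len = min(NLMSG_ALIGN(nlh->nlmsg_len), skb->len)` evaluates to 0, so the loop makes no progress, which is the infinite loop the commit message describes. A one-line comment above the check would keep a later cleanup from dropping it. The loop guard also spells the minimum size as `nlmsg_total_size(0)` while the new test uses `NLMSG_HDRLEN`; using one spelling in both places would make it plain that they are meant as the same bound. Finally, the `return 0` is shared with the short-skb case, so a header with an impossible length is dropped silently together with whatever else remains in the skb; it is worth confirming that this is the intended behaviour rather than returning an error.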
