diff options
author | Sona Sarmadi <sona.sarmadi@enea.com> | 2017-09-22 11:17:32 +0200 |
---|---|---|
committer | Martin Borg <martin.borg@enea.com> | 2017-09-22 14:14:03 +0200 |
commit | 00c79cf926477f504e42be8b1c8ec074e671b955 (patch) | |
tree | 4590d3d23d7c1b5704810c2b4505f55b025dd33a | |
parent | ae3f51df465f5450db9ef2f63793d39cf0501a75 (diff) | |
download | meta-enea-bsp-arm-00c79cf926477f504e42be8b1c8ec074e671b955.tar.gz |
linux-cavium: CVE-2017-7487
call ipxitf_put() in ioctl error path
References:
https://nvd.nist.gov/vuln/detail/CVE-2017-7487
Upstream patch
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?h=v4.9.50&id=820adccd0e3be9bdd2384ca8fc4712108cfdf28b
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Martin Borg <martin.borg@enea.com>
-rw-r--r-- | recipes-kernel/linux/linux-cavium/CVE-2017-7487.patch | 39 | ||||
-rw-r--r-- | recipes-kernel/linux/linux-cavium_4.9.inc | 1 |
2 files changed, 40 insertions, 0 deletions
diff --git a/recipes-kernel/linux/linux-cavium/CVE-2017-7487.patch b/recipes-kernel/linux/linux-cavium/CVE-2017-7487.patch new file mode 100644 index 0000000..41849fe --- /dev/null +++ b/recipes-kernel/linux/linux-cavium/CVE-2017-7487.patch | |||
@@ -0,0 +1,39 @@ | |||
1 | From ee0d8d8482345ff97a75a7d747efc309f13b0d80 Mon Sep 17 00:00:00 2001 | ||
2 | From: Dan Carpenter <dan.carpenter@oracle.com> | ||
3 | Date: Tue, 2 May 2017 13:58:53 +0300 | ||
4 | Subject: [PATCH] ipx: call ipxitf_put() in ioctl error path | ||
5 | MIME-Version: 1.0 | ||
6 | Content-Type: text/plain; charset=UTF-8 | ||
7 | Content-Transfer-Encoding: 8bit | ||
8 | |||
9 | We should call ipxitf_put() if the copy_to_user() fails. | ||
10 | |||
11 | CVE: CVE-2017-7487 | ||
12 | Upstream-Status: Backport [backport from: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?h=v4.9.50&id=820adccd0e3be9bdd2384ca8fc4712108cfdf28b] | ||
13 | |||
14 | Reported-by: 李强 <liqiang6-s@360.cn> | ||
15 | Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> | ||
16 | Signed-off-by: David S. Miller <davem@davemloft.net> | ||
17 | Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> | ||
18 | --- | ||
19 | net/ipx/af_ipx.c | 5 ++--- | ||
20 | 1 file changed, 2 insertions(+), 3 deletions(-) | ||
21 | |||
22 | diff --git a/net/ipx/af_ipx.c b/net/ipx/af_ipx.c | ||
23 | index 8a9219ff2e77e..fa31ef29e3fa0 100644 | ||
24 | --- a/net/ipx/af_ipx.c | ||
25 | +++ b/net/ipx/af_ipx.c | ||
26 | @@ -1168,11 +1168,10 @@ static int ipxitf_ioctl(unsigned int cmd, void __user *arg) | ||
27 | sipx->sipx_network = ipxif->if_netnum; | ||
28 | memcpy(sipx->sipx_node, ipxif->if_node, | ||
29 | sizeof(sipx->sipx_node)); | ||
30 | - rc = -EFAULT; | ||
31 | + rc = 0; | ||
32 | if (copy_to_user(arg, &ifr, sizeof(ifr))) | ||
33 | - break; | ||
34 | + rc = -EFAULT; | ||
35 | ipxitf_put(ipxif); | ||
36 | - rc = 0; | ||
37 | break; | ||
38 | } | ||
39 | case SIOCAIPXITFCRT: | ||
diff --git a/recipes-kernel/linux/linux-cavium_4.9.inc b/recipes-kernel/linux/linux-cavium_4.9.inc index feb37da..3a4eeb5 100644 --- a/recipes-kernel/linux/linux-cavium_4.9.inc +++ b/recipes-kernel/linux/linux-cavium_4.9.inc | |||
@@ -15,6 +15,7 @@ KENEABRANCH = "cavium-4.9" | |||
15 | SRC_URI = "git://git@git.enea.com/linux/linux-cavium.git;protocol=ssh;name=machine;branch=${KBRANCH} \ | 15 | SRC_URI = "git://git@git.enea.com/linux/linux-cavium.git;protocol=ssh;name=machine;branch=${KBRANCH} \ |
16 | git://git@git.enea.com/linux/enea-kernel-cache.git;protocol=ssh;type=kmeta;name=metaenea;branch=${KENEABRANCH};destsuffix=enea-kernel-cache \ | 16 | git://git@git.enea.com/linux/enea-kernel-cache.git;protocol=ssh;type=kmeta;name=metaenea;branch=${KENEABRANCH};destsuffix=enea-kernel-cache \ |
17 | file://dts \ | 17 | file://dts \ |
18 | file://CVE-2017-7487.patch \ | ||
18 | " | 19 | " |
19 | 20 | ||
20 | LINUX_KERNEL_TYPE = "tiny" | 21 | LINUX_KERNEL_TYPE = "tiny" |