summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSona Sarmadi <sona.sarmadi@enea.com>2016-10-07 07:15:45 (GMT)
committerAdrian Dudau <adrian.dudau@enea.com>2016-10-07 12:33:16 (GMT)
commit75c4229c4275a807dd0f89ad8c03da1e8d20f3bd (patch)
tree10d3dd96a41e9090492c8463e6f542fc72b7a969
parentbac630923de2f10b62e8f2635f192b7fec8165ba (diff)
downloadmeta-enea-bsp-common-75c4229c4275a807dd0f89ad8c03da1e8d20f3bd.tar.gz
kernel: CVE-2016-4951
Fixes null pointer dereference in tipc_nl_publ_dump. References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4951 Reference to upstream fix: https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/patch/?id=23cdd8c3cbe9d790f23d7f9ae14e9b828f56f69c Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Adrian Dudau <adrian.dudau@enea.com>
-rw-r--r--recipes-kernel/linux/files/CVE-2016-4951.patch43
-rw-r--r--recipes-kernel/linux/linux-yocto_4.%.bbappend1
2 files changed, 44 insertions, 0 deletions
diff --git a/recipes-kernel/linux/files/CVE-2016-4951.patch b/recipes-kernel/linux/files/CVE-2016-4951.patch
new file mode 100644
index 0000000..31eb29e
--- /dev/null
+++ b/recipes-kernel/linux/files/CVE-2016-4951.patch
@@ -0,0 +1,43 @@
1From 23cdd8c3cbe9d790f23d7f9ae14e9b828f56f69c Mon Sep 17 00:00:00 2001
2From: Richard Alpe <richard.alpe@ericsson.com>
3Date: Mon, 16 May 2016 11:14:54 +0200
4Subject: tipc: check nl sock before parsing nested attributes
5
6[ Upstream commit 45e093ae2830cd1264677d47ff9a95a71f5d9f9c ]
7
8Make sure the socket for which the user is listing publication exists
9before parsing the socket netlink attributes.
10
11Prior to this patch a call without any socket caused a NULL pointer
12dereference in tipc_nl_publ_dump().
13
14Upstream-Status: Backport
15CVE: CVE-2016-4951
16
17Tested-and-reported-by: Baozeng Ding <sploving1@gmail.com>
18Signed-off-by: Richard Alpe <richard.alpe@ericsson.com>
19Acked-by: Jon Maloy <jon.maloy@ericsson.cm>
20Signed-off-by: David S. Miller <davem@davemloft.net>
21Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
22Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
23---
24 net/tipc/socket.c | 3 +++
25 1 file changed, 3 insertions(+)
26
27diff --git a/net/tipc/socket.c b/net/tipc/socket.c
28index e53003c..9b713e0 100644
29--- a/net/tipc/socket.c
30+++ b/net/tipc/socket.c
31@@ -2814,6 +2814,9 @@ int tipc_nl_publ_dump(struct sk_buff *skb, struct netlink_callback *cb)
32 if (err)
33 return err;
34
35+ if (!attrs[TIPC_NLA_SOCK])
36+ return -EINVAL;
37+
38 err = nla_parse_nested(sock, TIPC_NLA_SOCK_MAX,
39 attrs[TIPC_NLA_SOCK],
40 tipc_nl_sock_policy);
41--
42cgit v0.12
43
diff --git a/recipes-kernel/linux/linux-yocto_4.%.bbappend b/recipes-kernel/linux/linux-yocto_4.%.bbappend
index d0c4e98..cd0de11 100644
--- a/recipes-kernel/linux/linux-yocto_4.%.bbappend
+++ b/recipes-kernel/linux/linux-yocto_4.%.bbappend
@@ -5,6 +5,7 @@ FILESEXTRAPATHS_prepend := "${THISDIR}/files:"
5SRC_URI += "file://hid-CVE-2016-5829.patch \ 5SRC_URI += "file://hid-CVE-2016-5829.patch \
6 file://CVE-2016-5696-limiting-of-all-challenge.patch \ 6 file://CVE-2016-5696-limiting-of-all-challenge.patch \
7 file://CVE-2016-5696-make-challenge-acks-less-predictable.patch \ 7 file://CVE-2016-5696-make-challenge-acks-less-predictable.patch \
8 file://CVE-2016-4951.patch \
8 " 9 "
9 10
10ENEA_KERNEL_FRAGMENTS += "\ 11ENEA_KERNEL_FRAGMENTS += "\