summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSona Sarmadi <sona.sarmadi@enea.com>2016-06-01 06:27:18 (GMT)
committerTudor Florea <tudor.florea@enea.com>2016-06-01 07:08:39 (GMT)
commitcb7889476c50f4223fc761c08f6953ce7a05e537 (patch)
tree2a7b868a0d92d53ea47282d5b29f43f0a56b84e7
parentf843c4d152d2819b4df601a19e71f15099efecc4 (diff)
downloadmeta-hierofalcon-cb7889476c50f4223fc761c08f6953ce7a05e537.tar.gz
kernel-net-ppp: CVE-2015-8569
Fixes an information leak from getsockname. References: =========== https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8569 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-8569 Reference to the upstream fixes: =============================== https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/ patch/?id=f167b6f4244fbc8d05fcc385b1bf8e70729c9e7c Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Tudor Florea <tudor.florea@enea.com>
-rw-r--r--recipes-kernel/linux/linux-hierofalcon/net-ppp-CVE-2015-8569.patch46
-rw-r--r--recipes-kernel/linux/linux-hierofalcon_3.19.bb1
-rw-r--r--recipes-kernel/linux/linux-hierofalcon_4.1.bb1
3 files changed, 48 insertions, 0 deletions
diff --git a/recipes-kernel/linux/linux-hierofalcon/net-ppp-CVE-2015-8569.patch b/recipes-kernel/linux/linux-hierofalcon/net-ppp-CVE-2015-8569.patch
new file mode 100644
index 0000000..0efaa09
--- /dev/null
+++ b/recipes-kernel/linux/linux-hierofalcon/net-ppp-CVE-2015-8569.patch
@@ -0,0 +1,46 @@
1From f167b6f4244fbc8d05fcc385b1bf8e70729c9e7c Mon Sep 17 00:00:00 2001
2From: WANG Cong <xiyou.wangcong@gmail.com>
3Date: Mon, 14 Dec 2015 13:48:36 -0800
4Subject: pptp: verify sockaddr_len in pptp_bind() and pptp_connect()
5
6[ Upstream commit 09ccfd238e5a0e670d8178cf50180ea81ae09ae1 ]
7
8CVE: CVE-2015-8569
9Upstream-Status: Backport
10
11Reported-by: Dmitry Vyukov <dvyukov@gmail.com>
12Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
13Signed-off-by: David S. Miller <davem@davemloft.net>
14Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
15Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
16---
17 drivers/net/ppp/pptp.c | 6 ++++++
18 1 file changed, 6 insertions(+)
19
20diff --git a/drivers/net/ppp/pptp.c b/drivers/net/ppp/pptp.c
21index e3bfbd4d..0bacabf 100644
22--- a/drivers/net/ppp/pptp.c
23+++ b/drivers/net/ppp/pptp.c
24@@ -420,6 +420,9 @@ static int pptp_bind(struct socket *sock, struct sockaddr *uservaddr,
25 struct pptp_opt *opt = &po->proto.pptp;
26 int error = 0;
27
28+ if (sockaddr_len < sizeof(struct sockaddr_pppox))
29+ return -EINVAL;
30+
31 lock_sock(sk);
32
33 opt->src_addr = sp->sa_addr.pptp;
34@@ -441,6 +444,9 @@ static int pptp_connect(struct socket *sock, struct sockaddr *uservaddr,
35 struct flowi4 fl4;
36 int error = 0;
37
38+ if (sockaddr_len < sizeof(struct sockaddr_pppox))
39+ return -EINVAL;
40+
41 if (sp->sa_protocol != PX_PROTO_PPTP)
42 return -EINVAL;
43
44--
45cgit v0.12
46
diff --git a/recipes-kernel/linux/linux-hierofalcon_3.19.bb b/recipes-kernel/linux/linux-hierofalcon_3.19.bb
index 5419b62..5c24d8e 100644
--- a/recipes-kernel/linux/linux-hierofalcon_3.19.bb
+++ b/recipes-kernel/linux/linux-hierofalcon_3.19.bb
@@ -37,6 +37,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto-3.19;branch="standard/qemuarm6
37 file://ALSA-CVE-2016-2546.patch \ 37 file://ALSA-CVE-2016-2546.patch \
38 file://Btrfs-CVE-2015-8374.patch \ 38 file://Btrfs-CVE-2015-8374.patch \
39 file://ALSA-CVE-2016-2384.patch \ 39 file://ALSA-CVE-2016-2384.patch \
40 file://net-ppp-CVE-2015-8569.patch \
40 " 41 "
41 42
42S = "${WORKDIR}/git" 43S = "${WORKDIR}/git"
diff --git a/recipes-kernel/linux/linux-hierofalcon_4.1.bb b/recipes-kernel/linux/linux-hierofalcon_4.1.bb
index 39c40dd..9a0f2d7 100644
--- a/recipes-kernel/linux/linux-hierofalcon_4.1.bb
+++ b/recipes-kernel/linux/linux-hierofalcon_4.1.bb
@@ -38,6 +38,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto-4.1;branch="standard/qemuarm64
38 file://ALSA-CVE-2016-2546.patch \ 38 file://ALSA-CVE-2016-2546.patch \
39 file://Btrfs-CVE-2015-8374.patch \ 39 file://Btrfs-CVE-2015-8374.patch \
40 file://ALSA-CVE-2016-2384.patch \ 40 file://ALSA-CVE-2016-2384.patch \
41 file://net-ppp-CVE-2015-8569.patch \
41 " 42 "
42 43
43S = "${WORKDIR}/git" 44S = "${WORKDIR}/git"