From cb7889476c50f4223fc761c08f6953ce7a05e537 Mon Sep 17 00:00:00 2001 From: Sona Sarmadi Date: Wed, 1 Jun 2016 08:27:18 +0200 Subject: kernel-net-ppp: CVE-2015-8569 Fixes an information leak from getsockname. References: =========== https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8569 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-8569 Reference to the upstream fixes: =============================== https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/ patch/?id=f167b6f4244fbc8d05fcc385b1bf8e70729c9e7c Signed-off-by: Sona Sarmadi Signed-off-by: Tudor Florea --- .../linux-hierofalcon/net-ppp-CVE-2015-8569.patch | 46 ++++++++++++++++++++++ recipes-kernel/linux/linux-hierofalcon_3.19.bb | 1 + recipes-kernel/linux/linux-hierofalcon_4.1.bb | 1 + 3 files changed, 48 insertions(+) create mode 100644 recipes-kernel/linux/linux-hierofalcon/net-ppp-CVE-2015-8569.patch diff --git a/recipes-kernel/linux/linux-hierofalcon/net-ppp-CVE-2015-8569.patch b/recipes-kernel/linux/linux-hierofalcon/net-ppp-CVE-2015-8569.patch new file mode 100644 index 0000000..0efaa09 --- /dev/null +++ b/recipes-kernel/linux/linux-hierofalcon/net-ppp-CVE-2015-8569.patch @@ -0,0 +1,46 @@ +From f167b6f4244fbc8d05fcc385b1bf8e70729c9e7c Mon Sep 17 00:00:00 2001 +From: WANG Cong +Date: Mon, 14 Dec 2015 13:48:36 -0800 +Subject: pptp: verify sockaddr_len in pptp_bind() and pptp_connect() + +[ Upstream commit 09ccfd238e5a0e670d8178cf50180ea81ae09ae1 ] + +CVE: CVE-2015-8569 +Upstream-Status: Backport + +Reported-by: Dmitry Vyukov +Signed-off-by: Cong Wang +Signed-off-by: David S. Miller +Signed-off-by: Greg Kroah-Hartman +Signed-off-by: Sona Sarmadi +--- + drivers/net/ppp/pptp.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +diff --git a/drivers/net/ppp/pptp.c b/drivers/net/ppp/pptp.c +index e3bfbd4d..0bacabf 100644 +--- a/drivers/net/ppp/pptp.c ++++ b/drivers/net/ppp/pptp.c +@@ -420,6 +420,9 @@ static int pptp_bind(struct socket *sock, struct sockaddr *uservaddr, + struct pptp_opt *opt = &po->proto.pptp; + int error = 0; + ++ if (sockaddr_len < sizeof(struct sockaddr_pppox)) ++ return -EINVAL; ++ + lock_sock(sk); + + opt->src_addr = sp->sa_addr.pptp; +@@ -441,6 +444,9 @@ static int pptp_connect(struct socket *sock, struct sockaddr *uservaddr, + struct flowi4 fl4; + int error = 0; + ++ if (sockaddr_len < sizeof(struct sockaddr_pppox)) ++ return -EINVAL; ++ + if (sp->sa_protocol != PX_PROTO_PPTP) + return -EINVAL; + +-- +cgit v0.12 + diff --git a/recipes-kernel/linux/linux-hierofalcon_3.19.bb b/recipes-kernel/linux/linux-hierofalcon_3.19.bb index 5419b62..5c24d8e 100644 --- a/recipes-kernel/linux/linux-hierofalcon_3.19.bb +++ b/recipes-kernel/linux/linux-hierofalcon_3.19.bb @@ -37,6 +37,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto-3.19;branch="standard/qemuarm6 file://ALSA-CVE-2016-2546.patch \ file://Btrfs-CVE-2015-8374.patch \ file://ALSA-CVE-2016-2384.patch \ + file://net-ppp-CVE-2015-8569.patch \ " S = "${WORKDIR}/git" diff --git a/recipes-kernel/linux/linux-hierofalcon_4.1.bb b/recipes-kernel/linux/linux-hierofalcon_4.1.bb index 39c40dd..9a0f2d7 100644 --- a/recipes-kernel/linux/linux-hierofalcon_4.1.bb +++ b/recipes-kernel/linux/linux-hierofalcon_4.1.bb @@ -38,6 +38,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto-4.1;branch="standard/qemuarm64 file://ALSA-CVE-2016-2546.patch \ file://Btrfs-CVE-2015-8374.patch \ file://ALSA-CVE-2016-2384.patch \ + file://net-ppp-CVE-2015-8569.patch \ " S = "${WORKDIR}/git" -- cgit v1.2.3-54-g00ecf