From cb7889476c50f4223fc761c08f6953ce7a05e537 Mon Sep 17 00:00:00 2001
From: Sona Sarmadi <sona.sarmadi@enea.com>
Date: Wed, 1 Jun 2016 08:27:18 +0200
Subject: kernel-net-ppp: CVE-2015-8569

Fixes an information leak from getsockname.

References:
===========
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8569
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-8569

Reference to the upstream fixes:
===============================
https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/
patch/?id=f167b6f4244fbc8d05fcc385b1bf8e70729c9e7c

Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Tudor Florea <tudor.florea@enea.com>
---
 .../linux-hierofalcon/net-ppp-CVE-2015-8569.patch  | 46 ++++++++++++++++++++++
 1 file changed, 46 insertions(+)
 create mode 100644 recipes-kernel/linux/linux-hierofalcon/net-ppp-CVE-2015-8569.patch

(limited to 'recipes-kernel/linux/linux-hierofalcon')

diff --git a/recipes-kernel/linux/linux-hierofalcon/net-ppp-CVE-2015-8569.patch b/recipes-kernel/linux/linux-hierofalcon/net-ppp-CVE-2015-8569.patch
new file mode 100644
index 0000000..0efaa09
--- /dev/null
+++ b/recipes-kernel/linux/linux-hierofalcon/net-ppp-CVE-2015-8569.patch
@@ -0,0 +1,46 @@
+From f167b6f4244fbc8d05fcc385b1bf8e70729c9e7c Mon Sep 17 00:00:00 2001
+From: WANG Cong <xiyou.wangcong@gmail.com>
+Date: Mon, 14 Dec 2015 13:48:36 -0800
+Subject: pptp: verify sockaddr_len in pptp_bind() and pptp_connect()
+
+[ Upstream commit 09ccfd238e5a0e670d8178cf50180ea81ae09ae1 ]
+
+CVE: CVE-2015-8569
+Upstream-Status: Backport
+
+Reported-by: Dmitry Vyukov <dvyukov@gmail.com>
+Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
+---
+ drivers/net/ppp/pptp.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/drivers/net/ppp/pptp.c b/drivers/net/ppp/pptp.c
+index e3bfbd4d..0bacabf 100644
+--- a/drivers/net/ppp/pptp.c
++++ b/drivers/net/ppp/pptp.c
+@@ -420,6 +420,9 @@ static int pptp_bind(struct socket *sock, struct sockaddr *uservaddr,
+ 	struct pptp_opt *opt = &po->proto.pptp;
+ 	int error = 0;
+ 
++	if (sockaddr_len < sizeof(struct sockaddr_pppox))
++		return -EINVAL;
++
+ 	lock_sock(sk);
+ 
+ 	opt->src_addr = sp->sa_addr.pptp;
+@@ -441,6 +444,9 @@ static int pptp_connect(struct socket *sock, struct sockaddr *uservaddr,
+ 	struct flowi4 fl4;
+ 	int error = 0;
+ 
++	if (sockaddr_len < sizeof(struct sockaddr_pppox))
++		return -EINVAL;
++
+ 	if (sp->sa_protocol != PX_PROTO_PPTP)
+ 		return -EINVAL;
+ 
+-- 
+cgit v0.12
+
-- 
cgit v1.2.3-54-g00ecf