[kernel] r10367 - in dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian: . patches patches/series

Dann Frazier dannf at alioth.debian.org
Fri Feb 1 21:00:08 UTC 2008 

Author: dannf
Date: Fri Feb  1 21:00:07 2008
New Revision: 10367

Log:
* 257_isdn-net-overflow.diff
  [SECURITY] Fix potential overflows in the ISDN subsystem
  See CVE-2007-6063

Added:
   dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/257_isdn-net-overflow.diff
Modified:
   dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog
   dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-10sarge6

Modified: dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog
==============================================================================
--- dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog	(original)
+++ dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog	Fri Feb  1 21:00:07 2008
@@ -56,6 +56,9 @@
   * 256_i4l-isdn_ioctl-mem-overrun.diff
     [SECURITY] Fix potential isdn ioctl memory overrun
     See CVE-2007-6151
+  * 257_isdn-net-overflow.diff
+    [SECURITY] Fix potential overflows in the ISDN subsystem
+    See CVE-2007-6063
 
  -- dann frazier <dannf at debian.org>  Fri, 01 Feb 2008 14:48:58 -0600
 

Added: dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/257_isdn-net-overflow.diff
==============================================================================
--- (empty file)
+++ dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/257_isdn-net-overflow.diff	Fri Feb  1 21:00:07 2008
@@ -0,0 +1,58 @@
+commit f76d36ddb1a6da76d46185941f326739cbba5e41
+Author: Willy Tarreau <w at 1wt.eu>
+Date:   Mon Dec 10 07:17:13 2007 +0100
+
+    [PATCH] isdn: avoid copying overly-long strings
+    
+    Backport of 2.6 commit 0f13864e5b24d9cbe18d125d41bfa4b726a82e40 by Karsten Keil
+    
+    Addresses http://bugzilla.kernel.org/show_bug.cgi?id=9416
+    
+    Signed-off-by: Willy Tarreau <w at 1wt.eu>
+
+diff --git a/drivers/isdn/isdn_net.c b/drivers/isdn/isdn_net.c
+index 0a5bea3..e85fcc4 100644
+--- a/drivers/isdn/isdn_net.c
++++ b/drivers/isdn/isdn_net.c
+@@ -2159,7 +2159,7 @@ isdn_net_find_icall(int di, int ch, int idx, setup_parm *setup)
+ 	isdn_net_dev *p;
+ 	isdn_net_phone *n;
+ 	ulong flags;
+-	char nr[32];
++	char nr[ISDN_MSNLEN];
+ 	char *my_eaz;
+ 
+ 	/* Search name in netdev-chain */
+@@ -2169,8 +2169,10 @@ isdn_net_find_icall(int di, int ch, int idx, setup_parm *setup)
+ 		nr[0] = '0';
+ 		nr[1] = '\0';
+ 		printk(KERN_INFO "isdn_net: Incoming call without OAD, assuming '0'\n");
+-	} else
+-		strcpy(nr, setup->phone);
++	} else {
++		strncpy(nr, setup->phone, ISDN_MSNLEN - 1);
++		nr[ISDN_MSNLEN - 1] = 0;
++	}
+ 	si1 = (int) setup->si1;
+ 	si2 = (int) setup->si2;
+ 	if (!setup->eazmsn[0]) {
+@@ -2855,7 +2857,8 @@ isdn_net_setcfg(isdn_net_ioctl_cfg * cfg)
+ 				chidx = -1;
+ 			}
+ 		}
+-		strcpy(lp->msn, cfg->eaz);
++		strncpy(lp->msn, cfg->eaz, sizeof(lp->msn) - 1);
++		lp->msn[sizeof(lp->msn) - 1] = 0;
+ 		lp->pre_device = drvidx;
+ 		lp->pre_channel = chidx;
+ 		lp->onhtime = cfg->onhtime;
+@@ -3004,7 +3007,8 @@ isdn_net_addphone(isdn_net_ioctl_phone * phone)
+ 	if (p) {
+ 		if (!(n = (isdn_net_phone *) kmalloc(sizeof(isdn_net_phone), GFP_KERNEL)))
+ 			return -ENOMEM;
+-		strcpy(n->num, phone->phone);
++		strncpy(n->num, phone->phone, sizeof(n->num) - 1);
++		n->num[sizeof(n->num) - 1] = 0;
+ 		n->next = p->local->phone[phone->outgoing & 1];
+ 		p->local->phone[phone->outgoing & 1] = n;
+ 		return 0;

Modified: dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-10sarge6
==============================================================================
--- dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-10sarge6	(original)
+++ dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-10sarge6	Fri Feb  1 21:00:07 2008
@@ -16,3 +16,4 @@
 + 254_cramfs-check-block-length.diff
 + 255_ext2-skip-pages-past-num-blocks.diff
 + 256_i4l-isdn_ioctl-mem-overrun.diff
++ 257_isdn-net-overflow.diff

More information about the Kernel-svn-changes mailing list