[kernel] r10367 - in dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian: . patches patches/series
Dann Frazier
dannf at alioth.debian.org
Fri Feb 1 21:00:08 UTC 2008
Author: dannf
Date: Fri Feb 1 21:00:07 2008
New Revision: 10367
Log:
* 257_isdn-net-overflow.diff
[SECURITY] Fix potential overflows in the ISDN subsystem
See CVE-2007-6063
Added:
dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/257_isdn-net-overflow.diff
Modified:
dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog
dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-10sarge6
Modified: dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog
==============================================================================
--- dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog (original)
+++ dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog Fri Feb 1 21:00:07 2008
@@ -56,6 +56,9 @@
* 256_i4l-isdn_ioctl-mem-overrun.diff
[SECURITY] Fix potential isdn ioctl memory overrun
See CVE-2007-6151
+ * 257_isdn-net-overflow.diff
+ [SECURITY] Fix potential overflows in the ISDN subsystem
+ See CVE-2007-6063
-- dann frazier <dannf at debian.org> Fri, 01 Feb 2008 14:48:58 -0600
Added: dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/257_isdn-net-overflow.diff
==============================================================================
--- (empty file)
+++ dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/257_isdn-net-overflow.diff Fri Feb 1 21:00:07 2008
@@ -0,0 +1,58 @@
+commit f76d36ddb1a6da76d46185941f326739cbba5e41
+Author: Willy Tarreau <w at 1wt.eu>
+Date: Mon Dec 10 07:17:13 2007 +0100
+
+ [PATCH] isdn: avoid copying overly-long strings
+
+ Backport of 2.6 commit 0f13864e5b24d9cbe18d125d41bfa4b726a82e40 by Karsten Keil
+
+ Addresses http://bugzilla.kernel.org/show_bug.cgi?id=9416
+
+ Signed-off-by: Willy Tarreau <w at 1wt.eu>
+
+diff --git a/drivers/isdn/isdn_net.c b/drivers/isdn/isdn_net.c
+index 0a5bea3..e85fcc4 100644
+--- a/drivers/isdn/isdn_net.c
++++ b/drivers/isdn/isdn_net.c
+@@ -2159,7 +2159,7 @@ isdn_net_find_icall(int di, int ch, int idx, setup_parm *setup)
+ isdn_net_dev *p;
+ isdn_net_phone *n;
+ ulong flags;
+- char nr[32];
++ char nr[ISDN_MSNLEN];
+ char *my_eaz;
+
+ /* Search name in netdev-chain */
+@@ -2169,8 +2169,10 @@ isdn_net_find_icall(int di, int ch, int idx, setup_parm *setup)
+ nr[0] = '0';
+ nr[1] = '\0';
+ printk(KERN_INFO "isdn_net: Incoming call without OAD, assuming '0'\n");
+- } else
+- strcpy(nr, setup->phone);
++ } else {
++ strncpy(nr, setup->phone, ISDN_MSNLEN - 1);
++ nr[ISDN_MSNLEN - 1] = 0;
++ }
+ si1 = (int) setup->si1;
+ si2 = (int) setup->si2;
+ if (!setup->eazmsn[0]) {
+@@ -2855,7 +2857,8 @@ isdn_net_setcfg(isdn_net_ioctl_cfg * cfg)
+ chidx = -1;
+ }
+ }
+- strcpy(lp->msn, cfg->eaz);
++ strncpy(lp->msn, cfg->eaz, sizeof(lp->msn) - 1);
++ lp->msn[sizeof(lp->msn) - 1] = 0;
+ lp->pre_device = drvidx;
+ lp->pre_channel = chidx;
+ lp->onhtime = cfg->onhtime;
+@@ -3004,7 +3007,8 @@ isdn_net_addphone(isdn_net_ioctl_phone * phone)
+ if (p) {
+ if (!(n = (isdn_net_phone *) kmalloc(sizeof(isdn_net_phone), GFP_KERNEL)))
+ return -ENOMEM;
+- strcpy(n->num, phone->phone);
++ strncpy(n->num, phone->phone, sizeof(n->num) - 1);
++ n->num[sizeof(n->num) - 1] = 0;
+ n->next = p->local->phone[phone->outgoing & 1];
+ p->local->phone[phone->outgoing & 1] = n;
+ return 0;
Modified: dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-10sarge6
==============================================================================
--- dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-10sarge6 (original)
+++ dists/sarge-security/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-10sarge6 Fri Feb 1 21:00:07 2008
@@ -16,3 +16,4 @@
+ 254_cramfs-check-block-length.diff
+ 255_ext2-skip-pages-past-num-blocks.diff
+ 256_i4l-isdn_ioctl-mem-overrun.diff
++ 257_isdn-net-overflow.diff
More information about the Kernel-svn-changes
mailing list