pptp: verify sockaddr_len in pptp_bind() and pptp_connect() (CVE-2015-8569)
This commit is contained in:
parent
5db0f0e307
commit
e9708970a6
|
@ -3,6 +3,7 @@ linux (4.3.3-3) UNRELEASED; urgency=medium
|
|||
[ Ben Hutchings ]
|
||||
* [ppc64*] drm: Enable DRM_AST as module (Closes: #808338)
|
||||
* block: ensure to split after potentially bouncing a bio (Closes: #809082)
|
||||
* pptp: verify sockaddr_len in pptp_bind() and pptp_connect() (CVE-2015-8569)
|
||||
|
||||
[ Salvatore Bonaccorso ]
|
||||
* ovl: fix permission checking for setattr (CVE-2015-8660)
|
||||
|
|
34
debian/patches/bugfix/all/pptp-verify-sockaddr_len-in-pptp_bind-and-pptp_conne.patch
vendored
Normal file
34
debian/patches/bugfix/all/pptp-verify-sockaddr_len-in-pptp_bind-and-pptp_conne.patch
vendored
Normal file
|
@ -0,0 +1,34 @@
|
|||
From: WANG Cong <xiyou.wangcong@gmail.com>
|
||||
Date: Mon, 14 Dec 2015 13:48:36 -0800
|
||||
Subject: pptp: verify sockaddr_len in pptp_bind() and pptp_connect()
|
||||
Origin: https://git.kernel.org/linus/09ccfd238e5a0e670d8178cf50180ea81ae09ae1
|
||||
|
||||
Reported-by: Dmitry Vyukov <dvyukov@gmail.com>
|
||||
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
|
||||
Signed-off-by: David S. Miller <davem@davemloft.net>
|
||||
---
|
||||
drivers/net/ppp/pptp.c | 6 ++++++
|
||||
1 file changed, 6 insertions(+)
|
||||
|
||||
--- a/drivers/net/ppp/pptp.c
|
||||
+++ b/drivers/net/ppp/pptp.c
|
||||
@@ -418,6 +418,9 @@ static int pptp_bind(struct socket *sock
|
||||
struct pptp_opt *opt = &po->proto.pptp;
|
||||
int error = 0;
|
||||
|
||||
+ if (sockaddr_len < sizeof(struct sockaddr_pppox))
|
||||
+ return -EINVAL;
|
||||
+
|
||||
lock_sock(sk);
|
||||
|
||||
opt->src_addr = sp->sa_addr.pptp;
|
||||
@@ -439,6 +442,9 @@ static int pptp_connect(struct socket *s
|
||||
struct flowi4 fl4;
|
||||
int error = 0;
|
||||
|
||||
+ if (sockaddr_len < sizeof(struct sockaddr_pppox))
|
||||
+ return -EINVAL;
|
||||
+
|
||||
if (sp->sa_protocol != PX_PROTO_PPTP)
|
||||
return -EINVAL;
|
||||
|
|
@ -107,3 +107,4 @@ bugfix/all/tipc-fix-kfree_skb-of-uninitialised-pointer.patch
|
|||
debian/armhf-sparc64-force-zone_dma-to-be-enabled.patch
|
||||
bugfix/all/ovl-fix-permission-checking-for-setattr.patch
|
||||
bugfix/all/block-ensure-to-split-after-potentially-bouncing-a-b.patch
|
||||
bugfix/all/pptp-verify-sockaddr_len-in-pptp_bind-and-pptp_conne.patch
|
||||
|
|
Loading…
Reference in New Issue