debian-packaging
/
linux
8
0
Fork 0
Code Releases Activity

pptp: verify sockaddr_len in pptp_bind() and pptp_connect() (CVE-2015-8569)

This commit is contained in:
Ben Hutchings 2015-12-27 04:22:33 +00:00
parent 5db0f0e307
commit e9708970a6
3 changed files with 36 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
debian/changelog vendored
View File

@ -3,6 +3,7 @@ linux (4.3.3-3) UNRELEASED; urgency=medium
[ Ben Hutchings ]
* [ppc64*] drm: Enable DRM_AST as module (Closes: #808338)
* block: ensure to split after potentially bouncing a bio (Closes: #809082)
* pptp: verify sockaddr_len in pptp_bind() and pptp_connect() (CVE-2015-8569)
[ Salvatore Bonaccorso ]
* ovl: fix permission checking for setattr (CVE-2015-8660)

34
debian/patches/bugfix/all/pptp-verify-sockaddr_len-in-pptp_bind-and-pptp_conne.patch vendored Normal file
View File

@ -0,0 +1,34 @@
From: WANG Cong <xiyou.wangcong@gmail.com>
Date: Mon, 14 Dec 2015 13:48:36 -0800
Subject: pptp: verify sockaddr_len in pptp_bind() and pptp_connect()
Origin: https://git.kernel.org/linus/09ccfd238e5a0e670d8178cf50180ea81ae09ae1
Reported-by: Dmitry Vyukov <dvyukov@gmail.com>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
---
drivers/net/ppp/pptp.c | 6 ++++++
1 file changed, 6 insertions(+)
--- a/drivers/net/ppp/pptp.c
+++ b/drivers/net/ppp/pptp.c
@@ -418,6 +418,9 @@ static int pptp_bind(struct socket *sock
struct pptp_opt *opt = &po->proto.pptp;
int error = 0;
+ if (sockaddr_len < sizeof(struct sockaddr_pppox))
+ return -EINVAL;
+
lock_sock(sk);
opt->src_addr = sp->sa_addr.pptp;
@@ -439,6 +442,9 @@ static int pptp_connect(struct socket *s
struct flowi4 fl4;
int error = 0;
+ if (sockaddr_len < sizeof(struct sockaddr_pppox))
+ return -EINVAL;
+
if (sp->sa_protocol != PX_PROTO_PPTP)
return -EINVAL;

1
debian/patches/series vendored
View File

@ -107,3 +107,4 @@ bugfix/all/tipc-fix-kfree_skb-of-uninitialised-pointer.patch
debian/armhf-sparc64-force-zone_dma-to-be-enabled.patch
bugfix/all/ovl-fix-permission-checking-for-setattr.patch
bugfix/all/block-ensure-to-split-after-potentially-bouncing-a-b.patch
bugfix/all/pptp-verify-sockaddr_len-in-pptp_bind-and-pptp_conne.patch