pptp: verify sockaddr_len in pptp_bind() and pptp_connect() (CVE-2015-8569)
parent
5db0f0e307
commit
e9708970a6
|
@ -3,6 +3,7 @@ linux (4.3.3-3) UNRELEASED; urgency=medium
|
||||||
[ Ben Hutchings ]
|
[ Ben Hutchings ]
|
||||||
* [ppc64*] drm: Enable DRM_AST as module (Closes: #808338)
|
* [ppc64*] drm: Enable DRM_AST as module (Closes: #808338)
|
||||||
* block: ensure to split after potentially bouncing a bio (Closes: #809082)
|
* block: ensure to split after potentially bouncing a bio (Closes: #809082)
|
||||||
|
* pptp: verify sockaddr_len in pptp_bind() and pptp_connect() (CVE-2015-8569)
|
||||||
|
|
||||||
[ Salvatore Bonaccorso ]
|
[ Salvatore Bonaccorso ]
|
||||||
* ovl: fix permission checking for setattr (CVE-2015-8660)
|
* ovl: fix permission checking for setattr (CVE-2015-8660)
|
||||||
|
|
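--- /dev/null
+++ b/debian/patches/bugfix/all/pptp-verify-sockaddr_len-in-pptp_bind-and-pptp_conne.patch
@@ -0,0 +1,34 @@
+From: WANG Cong <xiyou.wangcong@gmail.com>
+Date: Mon, 14 Dec 2015 13:48:36 -0800
+Subject: pptp: verify sockaddr_len in pptp_bind() and pptp_connect()
+Origin: https://git.kernel.org/linus/09ccfd238e5a0e670d8178cf50180ea81ae09ae1
+
+Reported-by: Dmitry Vyukov <dvyukov@gmail.com>
+Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+---
+drivers/net/ppp/pptp.c | 6 ++++++
+1 file changed, 6 insertions(+)
+
+--- a/drivers/net/ppp/pptp.c
++++ b/drivers/net/ppp/pptp.c
+@@ -418,6 +418,9 @@ static int pptp_bind(struct socket *sock
+struct pptp_opt *opt = &po->proto.pptp;
+int error = 0;
+
++ if (sockaddr_len < sizeof(struct sockaddr_pppox))
++ return -EINVAL;
++
+lock_sock(sk);
+
+opt->src_addr = sp->sa_addr.pptp;
+@@ -439,6 +442,9 @@ static int pptp_connect(struct socket *s
+struct flowi4 fl4;
+int error = 0;
+
++ if (sockaddr_len < sizeof(struct sockaddr_pppox))
++ return -EINVAL;
++
+if (sp->sa_protocol != PX_PROTO_PPTP)
+return -EINVAL;
+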
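Review bot: In the `pptp_bind()` hunk the new length check is the only validation visible before `opt->src_addr = sp->sa_addr.pptp` is copied under `lock_sock(sk)`, whereas the `pptp_connect()` hunk goes on to reject `sp->sa_protocol != PX_PROTO_PPTP`. Both function bodies continue outside their hunks, so if the rest of `pptp_bind()` has no equivalent test, adding `if (sp->sa_protocol != PX_PROTO_PPTP) return -EINVAL;` right after the length check would keep the two entry points consistent. Separately, both new checks compare `sockaddr_len` against a `sizeof` result; if `sockaddr_len` is a signed `int` (the signature is truncated in the hunk header), the comparison is performed unsigned and a negative length would pass it. A one-line comment above each check stating that negative lengths are presumably rejected by the caller before these handlers run would make that dependency explicit for later readers.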
|
@ -107,3 +107,4 @@ bugfix/all/tipc-fix-kfree_skb-of-uninitialised-pointer.patch
|
||||||
debian/armhf-sparc64-force-zone_dma-to-be-enabled.patch
|
debian/armhf-sparc64-force-zone_dma-to-be-enabled.patch
|
||||||
bugfix/all/ovl-fix-permission-checking-for-setattr.patch
|
bugfix/all/ovl-fix-permission-checking-for-setattr.patch
|
||||||
bugfix/all/block-ensure-to-split-after-potentially-bouncing-a-b.patch
|
bugfix/all/block-ensure-to-split-after-potentially-bouncing-a-b.patch
|
||||||
|
bugfix/all/pptp-verify-sockaddr_len-in-pptp_bind-and-pptp_conne.patch
|
||||||
|
|