FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Ubuntu > Ubuntu Kernel Team

 
 
LinkBack Thread Tools
 
Old 10-30-2010, 11:43 PM
Linus Torvalds
 
Default net: Truncate recvfrom and sendto length to INT_MAX., CVE-2010-3859

BugLink: http://bugs/launchpad.net/bugs/708839

CVE-2010-3859

commit 253eacc070b114c2ec1f81b067d2fed7305467b0 upstream.

Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
---
net/socket.c | 4 ++++
1 files changed, 4 insertions(+), 0 deletions(-)

diff --git a/net/socket.c b/net/socket.c
index 6d47165..f0dcc29 100644
--- a/net/socket.c
+++ b/net/socket.c
@@ -1673,6 +1673,8 @@ SYSCALL_DEFINE6(sendto, int, fd, void __user *, buff, size_t, len,
struct iovec iov;
int fput_needed;

+ if (len > INT_MAX)
+ len = INT_MAX;
sock = sockfd_lookup_light(fd, &err, &fput_needed);
if (!sock)
goto out;
@@ -1730,6 +1732,8 @@ SYSCALL_DEFINE6(recvfrom, int, fd, void __user *, ubuf, size_t, size,
int err, err2;
int fput_needed;

+ if (size > INT_MAX)
+ size = INT_MAX;
sock = sockfd_lookup_light(fd, &err, &fput_needed);
if (!sock)
goto out;
--
1.7.0.4


--
kernel-team mailing list
kernel-team@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/kernel-team
 
Old 10-30-2010, 11:43 PM
Linus Torvalds
 
Default net: Truncate recvfrom and sendto length to INT_MAX., CVE-2010-3859

BugLink: http://bugs/launchpad.net/bugs/708839

CVE-2010-3859

commit 253eacc070b114c2ec1f81b067d2fed7305467b0 upstream.
Stable backported to 2.6.32.26

Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
---
net/socket.c | 6 ++++++
1 files changed, 6 insertions(+), 0 deletions(-)

diff --git a/net/socket.c b/net/socket.c
index 14ee367..0f00319 100644
--- a/net/socket.c
+++ b/net/socket.c
@@ -1583,6 +1583,9 @@ asmlinkage long sys_sendto(int fd, void __user *buff, size_t len,
int fput_needed;
struct file *sock_file;

+ if (len > INT_MAX)
+ len = INT_MAX;
+
sock_file = fget_light(fd, &fput_needed);
err = -EBADF;
if (!sock_file)
@@ -1644,6 +1647,9 @@ asmlinkage long sys_recvfrom(int fd, void __user *ubuf, size_t size,
struct file *sock_file;
int fput_needed;

+ if (size > INT_MAX)
+ size = INT_MAX;
+
sock_file = fget_light(fd, &fput_needed);
err = -EBADF;
if (!sock_file)
--
1.7.0.4


--
kernel-team mailing list
kernel-team@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/kernel-team
 
Old 01-27-2011, 07:57 PM
Tim Gardner
 
Default net: Truncate recvfrom and sendto length to INT_MAX., CVE-2010-3859

BugLink: http://bugs/launchpad.net/bugs/708839

CVE-2010-3859

Backported from commit 253eacc070b114c2ec1f81b067d2fed7305467b0 upstream.
Stable backported to 2.6.32.26

Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
---
net/socket.c | 6 ++++++
1 files changed, 6 insertions(+), 0 deletions(-)

diff --git a/net/socket.c b/net/socket.c
index 6e57b95..8de4725 100644
--- a/net/socket.c
+++ b/net/socket.c
@@ -1522,6 +1522,9 @@ SYSCALL_DEFINE6(sendto, int, fd, void __user *, buff, size_t, len,
struct msghdr msg;
struct iovec iov;

+ if (len > INT_MAX)
+ len = INT_MAX;
+
sock = sockfd_lookup(fd, &err);
if (!sock)
goto out;
@@ -1578,6 +1581,9 @@ SYSCALL_DEFINE6(recvfrom, int, fd, void __user *, ubuf, size_t, size,
char address[MAX_SOCK_ADDR];
int err,err2;

+ if (size > INT_MAX)
+ size = INT_MAX;
+
sock = sockfd_lookup(fd, &err);
if (!sock)
goto out;
--
1.7.0.4
 

Thread Tools




All times are GMT. The time now is 02:35 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org