rpms/kernel/FC-4 linux-2.6-selinux-addrlen-checks.patch, NONE, 1.1 kernel-2.6.spec, 1.1407, 1.1408
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Wed Aug 3 22:22:15 UTC 2005
Author: davej
Update of /cvs/dist/rpms/kernel/FC-4
In directory cvs.devel.redhat.com:/tmp/cvs-serv11053
Modified Files:
kernel-2.6.spec
Added Files:
linux-2.6-selinux-addrlen-checks.patch
Log Message:
Fix addrlen checks in selinux_socket_connect. (#164165)
linux-2.6-selinux-addrlen-checks.patch:
hooks.c | 4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
--- NEW FILE linux-2.6-selinux-addrlen-checks.patch ---
Index: linux-2.6/security/selinux/hooks.c
===================================================================
RCS file: /nfshome/pal/CVS/linux-2.6/security/selinux/hooks.c,v
retrieving revision 1.168
diff -u -p -r1.168 hooks.c
--- linux-2.6/security/selinux/hooks.c 20 Jun 2005 15:19:44 -0000 1.168
+++ linux-2.6/security/selinux/hooks.c 28 Jul 2005 13:24:25 -0000
@@ -3123,12 +3123,12 @@ static int selinux_socket_connect(struct
if (sk->sk_family == PF_INET) {
addr4 = (struct sockaddr_in *)address;
- if (addrlen != sizeof(struct sockaddr_in))
+ if (addrlen < sizeof(struct sockaddr_in))
return -EINVAL;
snum = ntohs(addr4->sin_port);
} else {
addr6 = (struct sockaddr_in6 *)address;
- if (addrlen != sizeof(struct sockaddr_in6))
+ if (addrlen < SIN6_LEN_RFC2133)
return -EINVAL;
snum = ntohs(addr6->sin6_port);
}
Index: kernel-2.6.spec
===================================================================
RCS file: /cvs/dist/rpms/kernel/FC-4/kernel-2.6.spec,v
retrieving revision 1.1407
retrieving revision 1.1408
diff -u -r1.1407 -r1.1408
--- kernel-2.6.spec 3 Aug 2005 22:17:26 -0000 1.1407
+++ kernel-2.6.spec 3 Aug 2005 22:22:12 -0000 1.1408
@@ -354,6 +354,7 @@
Patch1920: linux-2.6.12-acpi-legacy-irq.patch
Patch1930: linux-2.6-appletouch-update.patch
Patch1940: linux-2.6-acpi-backport.patch
+Patch1950: linux-2.6-selinux-addrlen-checks.patch
Patch2000: linux-2.6.11-vm-taint.patch
Patch2001: linux-2.6.9-vm-oomkiller-debugging.patch
@@ -817,6 +818,8 @@
%patch1930 -p1
# ACPI backport from 2.6.13rc4
%patch1940 -p1
+# Fix addrlen checks in selinux_socket_connect
+%patch1950 -p1
#
# VM related fixes.
@@ -1284,6 +1287,7 @@
- Stop usbhid driver incorrectly claiming Wireless Security Lock as a mouse. (#147479)
- Further NFSD fixing for non-standard ports.
- Fix up miscalculated i_nlink in /proc (#162418)
+- Fix addrlen checks in selinux_socket_connect. (#164165)
* Fri Jul 29 2005 Dave Jones <davej at redhat.com>
- Include backport of 2.6.13rc4 ACPI (acpi-20050708-2.6.12.patch)
More information about the fedora-cvs-commits
mailing list