rpms/kernel/FC-4 linux-2.6-selinux-addrlen-checks.patch, NONE, 1.1 kernel-2.6.spec, 1.1407, 1.1408

fedora-cvs-commits at redhat.com fedora-cvs-commits at redhat.com
Wed Aug 3 22:22:15 UTC 2005 

Author: davej

Update of /cvs/dist/rpms/kernel/FC-4
In directory cvs.devel.redhat.com:/tmp/cvs-serv11053

Modified Files:
	kernel-2.6.spec 
Added Files:
	linux-2.6-selinux-addrlen-checks.patch 
Log Message:
Fix addrlen checks in selinux_socket_connect. (#164165)



linux-2.6-selinux-addrlen-checks.patch:
 hooks.c |    4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

--- NEW FILE linux-2.6-selinux-addrlen-checks.patch ---
Index: linux-2.6/security/selinux/hooks.c
===================================================================
RCS file: /nfshome/pal/CVS/linux-2.6/security/selinux/hooks.c,v
retrieving revision 1.168
diff -u -p -r1.168 hooks.c
--- linux-2.6/security/selinux/hooks.c	20 Jun 2005 15:19:44 -0000	1.168
+++ linux-2.6/security/selinux/hooks.c	28 Jul 2005 13:24:25 -0000
@@ -3123,12 +3123,12 @@ static int selinux_socket_connect(struct
 
 		if (sk->sk_family == PF_INET) {
 			addr4 = (struct sockaddr_in *)address;
-			if (addrlen != sizeof(struct sockaddr_in))
+			if (addrlen < sizeof(struct sockaddr_in))
 				return -EINVAL;
 			snum = ntohs(addr4->sin_port);
 		} else {
 			addr6 = (struct sockaddr_in6 *)address;
-			if (addrlen != sizeof(struct sockaddr_in6))
+			if (addrlen < SIN6_LEN_RFC2133)
 				return -EINVAL;
 			snum = ntohs(addr6->sin6_port);
 		}


Index: kernel-2.6.spec
===================================================================
RCS file: /cvs/dist/rpms/kernel/FC-4/kernel-2.6.spec,v
retrieving revision 1.1407
retrieving revision 1.1408
diff -u -r1.1407 -r1.1408
--- kernel-2.6.spec	3 Aug 2005 22:17:26 -0000	1.1407
+++ kernel-2.6.spec	3 Aug 2005 22:22:12 -0000	1.1408
@@ -354,6 +354,7 @@
 Patch1920: linux-2.6.12-acpi-legacy-irq.patch
 Patch1930: linux-2.6-appletouch-update.patch
 Patch1940: linux-2.6-acpi-backport.patch
+Patch1950: linux-2.6-selinux-addrlen-checks.patch
 
 Patch2000: linux-2.6.11-vm-taint.patch
 Patch2001: linux-2.6.9-vm-oomkiller-debugging.patch
@@ -817,6 +818,8 @@
 %patch1930 -p1
 # ACPI backport from 2.6.13rc4
 %patch1940 -p1
+# Fix addrlen checks in selinux_socket_connect
+%patch1950 -p1
 
 #
 # VM related fixes.
@@ -1284,6 +1287,7 @@
 - Stop usbhid driver incorrectly claiming Wireless Security Lock as a mouse. (#147479)
 - Further NFSD fixing for non-standard ports.
 - Fix up miscalculated i_nlink in /proc (#162418)
+- Fix addrlen checks in selinux_socket_connect. (#164165)
 
 * Fri Jul 29 2005 Dave Jones <davej at redhat.com>
 - Include backport of 2.6.13rc4 ACPI (acpi-20050708-2.6.12.patch)

More information about the fedora-cvs-commits mailing list