rpms/kernel/F-9 linux-2.6-netdev-tehuti-check-register-size.patch, NONE, 1.1 kernel.spec, 1.630, 1.631
Chuck Ebbert (cebbert)
fedora-extras-commits at redhat.com
Wed Apr 30 06:54:31 UTC 2008
Author: cebbert
Update of /cvs/pkgs/rpms/kernel/F-9
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv28482
Modified Files:
kernel.spec
Added Files:
linux-2.6-netdev-tehuti-check-register-size.patch
Log Message:
* Tue Apr 29 2008 Chuck Ebbert <cebbert at redhat.com> 2.6.25-12
- Fix CVE-2008-1675; patches taken from 2.6.25.1-rc1.
linux-2.6-netdev-tehuti-check-register-size.patch:
--- NEW FILE linux-2.6-netdev-tehuti-check-register-size.patch ---
>From 6131a2601f42cd7fdbac0e960713396fe68af59f Mon Sep 17 00:00:00 2001
From: Francois Romieu <romieu at fr.zoreil.com>
Date: Sun, 20 Apr 2008 19:32:34 +0200
Subject: tehuti: check register size (CVE-2008-1675)
From: Francois Romieu <romieu at fr.zoreil.com>
commit 6131a2601f42cd7fdbac0e960713396fe68af59f upstream
Signed-off-by: Francois Romieu <romieu at fr.zoreil.com>
Signed-off-by: Jeff Garzik <jgarzik at redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
---
drivers/net/tehuti.c | 14 ++++++++++++++
1 file changed, 14 insertions(+)
--- a/drivers/net/tehuti.c
+++ b/drivers/net/tehuti.c
@@ -625,6 +625,12 @@ static void __init bdx_firmware_endianes
s_firmLoad[i] = CPU_CHIP_SWAP32(s_firmLoad[i]);
}
+static int bdx_range_check(struct bdx_priv *priv, u32 offset)
+{
+ return (offset > (u32) (BDX_REGS_SIZE / priv->nic->port_num)) ?
+ -EINVAL : 0;
+}
+
static int bdx_ioctl_priv(struct net_device *ndev, struct ifreq *ifr, int cmd)
{
struct bdx_priv *priv = ndev->priv;
@@ -646,6 +652,9 @@ static int bdx_ioctl_priv(struct net_dev
switch (data[0]) {
case BDX_OP_READ:
+ error = bdx_range_check(priv, data[1]);
+ if (error < 0)
+ return error;
data[2] = READ_REG(priv, data[1]);
DBG("read_reg(0x%x)=0x%x (dec %d)\n", data[1], data[2],
data[2]);
@@ -655,6 +664,11 @@ static int bdx_ioctl_priv(struct net_dev
break;
case BDX_OP_WRITE:
+ if (!capable(CAP_NET_ADMIN))
+ return -EPERM;
+ error = bdx_range_check(priv, data[1]);
+ if (error < 0)
+ return error;
WRITE_REG(priv, data[1], data[2]);
DBG("write_reg(0x%x, 0x%x)\n", data[1], data[2]);
break;
Index: kernel.spec
===================================================================
RCS file: /cvs/pkgs/rpms/kernel/F-9/kernel.spec,v
retrieving revision 1.630
retrieving revision 1.631
diff -u -r1.630 -r1.631
--- kernel.spec 25 Apr 2008 13:35:34 -0000 1.630
+++ kernel.spec 30 Apr 2008 06:53:37 -0000 1.631
@@ -644,6 +644,9 @@
# atl2 network driver
Patch2020: linux-2.6-netdev-atl2.patch
+# CVE-2008-1675
+Patch2021: linux-2.6-netdev-tehuti-check-register-size.patch
+Patch2022: linux-2.6-netdev-tehuti-move-ioctl-perm-check-closer-to-function-start.patch
# ext4 patches
Patch2100: linux-2.6-ext4-stable-queue.patch
@@ -1168,6 +1171,8 @@
ApplyPatch linux-2.6-sata-eeepc-faster.patch
ApplyPatch linux-2.6-netdev-atl2.patch
+ApplyPatch linux-2.6-netdev-tehuti-check-register-size.patch
+ApplyPatch linux-2.6-netdev-tehuti-move-ioctl-perm-check-closer-to-function-start.patch
# Nouveau DRM + drm fixes
ApplyPatch linux-2.6-drm-git-mm.patch
@@ -1792,6 +1797,9 @@
%kernel_variant_files -a /%{image_install_path}/xen*-%{KVERREL}.xen -e /etc/ld.so.conf.d/kernelcap-%{KVERREL}.xen.conf %{with_xen} xen
%changelog
+* Tue Apr 29 2008 Chuck Ebbert <cebbert at redhat.com> 2.6.25-12
+- Fix CVE-2008-1675; patches taken from 2.6.25.1-rc1.
+
* Fri Apr 25 2008 Tom "spot" Callaway <tcallawa at redhat.com> 2.6.25-11
- add sparc64 semctl fix (David Miller)
(it will be in git shortly, and can be dropped on the next git merge)
More information about the fedora-extras-commits
mailing list