| Message ID | 1300382518.1813.9.camel@emiko |
|---|---|
| State | New |
| Headers | show |
On 03/17/2011 11:21 AM, Leann Ogasawara wrote: > The following changes since commit 2ce9a046a401ab70b7719085dd1b51e2f4a56a42: > Brad Figg (1): > UBUNTU: Ubuntu-2.6.15-57.95 > > are available in the git repository at: > > git://kernel.ubuntu.com/ogasawara/ubuntu-dapper.git CVE-2010-4342 > > David S. Miller (1): > econet: Fix crash in aun_incoming(). CVE-2010-4342 > > net/econet/af_econet.c | 6 +++++- > 1 files changed, 5 insertions(+), 1 deletions(-) > > From fcc3cf92b02691d932ebb28d01da00b528a71fe0 Mon Sep 17 00:00:00 2001 > From: David S. Miller<davem@davemloft.net> > Date: Wed, 8 Dec 2010 18:42:23 -0800 > Subject: [PATCH] econet: Fix crash in aun_incoming(). CVE-2010-4342 > > CVE-2010-4342 > > BugLink: http://bugs.launchpad.net/bugs/736394 > > Unconditional use of skb->dev won't work here, > try to fetch the econet device via skb_dst()->dev > instead. > > Suggested by Eric Dumazet. > > Reported-by: Nelson Elhage<nelhage@ksplice.com> > Tested-by: Nelson Elhage<nelhage@ksplice.com> > Signed-off-by: David S. Miller<davem@davemloft.net> > (backport of upstream commit 4e085e76cbe558b79b54cbab772f61185879bc64) > > Signed-off-by: Leann Ogasawara<leann.ogasawara@canonical.com> > --- > net/econet/af_econet.c | 6 +++++- > 1 files changed, 5 insertions(+), 1 deletions(-) > > diff --git a/net/econet/af_econet.c b/net/econet/af_econet.c > index 76b2995..d41811e 100644 > --- a/net/econet/af_econet.c > +++ b/net/econet/af_econet.c > @@ -806,8 +806,12 @@ static void aun_incoming(struct sk_buff *skb, struct aunhdr *ah, size_t len) > struct iphdr *ip = skb->nh.iph; > unsigned char stn = ntohl(ip->saddr)& 0xff; > struct sock *sk; > + struct dst_entry *dst = skb->dst; > + struct ec_device *edev = NULL; > struct sk_buff *newskb; > - struct ec_device *edev = skb->dev->ec_ptr; > + > + if (dst) > + edev = dst->dev->ec_ptr; > > if (! edev) > goto bad; Acked-by: Tim Gardner <tim.gardner@canonical.com>
On 03/17/2011 10:21 AM, Leann Ogasawara wrote: > The following changes since commit 2ce9a046a401ab70b7719085dd1b51e2f4a56a42: > Brad Figg (1): > UBUNTU: Ubuntu-2.6.15-57.95 > > are available in the git repository at: > > git://kernel.ubuntu.com/ogasawara/ubuntu-dapper.git CVE-2010-4342 > > David S. Miller (1): > econet: Fix crash in aun_incoming(). CVE-2010-4342 > > net/econet/af_econet.c | 6 +++++- > 1 files changed, 5 insertions(+), 1 deletions(-) > > From fcc3cf92b02691d932ebb28d01da00b528a71fe0 Mon Sep 17 00:00:00 2001 > From: David S. Miller<davem@davemloft.net> > Date: Wed, 8 Dec 2010 18:42:23 -0800 > Subject: [PATCH] econet: Fix crash in aun_incoming(). CVE-2010-4342 > > CVE-2010-4342 > > BugLink: http://bugs.launchpad.net/bugs/736394 > > Unconditional use of skb->dev won't work here, > try to fetch the econet device via skb_dst()->dev > instead. > > Suggested by Eric Dumazet. > > Reported-by: Nelson Elhage<nelhage@ksplice.com> > Tested-by: Nelson Elhage<nelhage@ksplice.com> > Signed-off-by: David S. Miller<davem@davemloft.net> > (backport of upstream commit 4e085e76cbe558b79b54cbab772f61185879bc64) > > Signed-off-by: Leann Ogasawara<leann.ogasawara@canonical.com> > --- > net/econet/af_econet.c | 6 +++++- > 1 files changed, 5 insertions(+), 1 deletions(-) > > diff --git a/net/econet/af_econet.c b/net/econet/af_econet.c > index 76b2995..d41811e 100644 > --- a/net/econet/af_econet.c > +++ b/net/econet/af_econet.c > @@ -806,8 +806,12 @@ static void aun_incoming(struct sk_buff *skb, struct aunhdr *ah, size_t len) > struct iphdr *ip = skb->nh.iph; > unsigned char stn = ntohl(ip->saddr)& 0xff; > struct sock *sk; > + struct dst_entry *dst = skb->dst; > + struct ec_device *edev = NULL; > struct sk_buff *newskb; > - struct ec_device *edev = skb->dev->ec_ptr; > + > + if (dst) > + edev = dst->dev->ec_ptr; > > if (! edev) > goto bad; Acked-by: Brad Figg <brad.figg@canonical.com>
On 03/17/2011 11:21 AM, Leann Ogasawara wrote: > The following changes since commit 2ce9a046a401ab70b7719085dd1b51e2f4a56a42: > Brad Figg (1): > UBUNTU: Ubuntu-2.6.15-57.95 > > are available in the git repository at: > > git://kernel.ubuntu.com/ogasawara/ubuntu-dapper.git CVE-2010-4342 > > David S. Miller (1): > econet: Fix crash in aun_incoming(). CVE-2010-4342 > > net/econet/af_econet.c | 6 +++++- > 1 files changed, 5 insertions(+), 1 deletions(-) > > From fcc3cf92b02691d932ebb28d01da00b528a71fe0 Mon Sep 17 00:00:00 2001 > From: David S. Miller<davem@davemloft.net> > Date: Wed, 8 Dec 2010 18:42:23 -0800 > Subject: [PATCH] econet: Fix crash in aun_incoming(). CVE-2010-4342 > > CVE-2010-4342 > > BugLink: http://bugs.launchpad.net/bugs/736394 > > Unconditional use of skb->dev won't work here, > try to fetch the econet device via skb_dst()->dev > instead. > > Suggested by Eric Dumazet. > > Reported-by: Nelson Elhage<nelhage@ksplice.com> > Tested-by: Nelson Elhage<nelhage@ksplice.com> > Signed-off-by: David S. Miller<davem@davemloft.net> > (backport of upstream commit 4e085e76cbe558b79b54cbab772f61185879bc64) > > Signed-off-by: Leann Ogasawara<leann.ogasawara@canonical.com> > --- > net/econet/af_econet.c | 6 +++++- > 1 files changed, 5 insertions(+), 1 deletions(-) > > diff --git a/net/econet/af_econet.c b/net/econet/af_econet.c > index 76b2995..d41811e 100644 > --- a/net/econet/af_econet.c > +++ b/net/econet/af_econet.c > @@ -806,8 +806,12 @@ static void aun_incoming(struct sk_buff *skb, struct aunhdr *ah, size_t len) > struct iphdr *ip = skb->nh.iph; > unsigned char stn = ntohl(ip->saddr)& 0xff; > struct sock *sk; > + struct dst_entry *dst = skb->dst; > + struct ec_device *edev = NULL; > struct sk_buff *newskb; > - struct ec_device *edev = skb->dev->ec_ptr; > + > + if (dst) > + edev = dst->dev->ec_ptr; > > if (! edev) > goto bad; applied
diff --git a/net/econet/af_econet.c b/net/econet/af_econet.c index 76b2995..d41811e 100644 --- a/net/econet/af_econet.c +++ b/net/econet/af_econet.c @@ -806,8 +806,12 @@ static void aun_incoming(struct sk_buff *skb, struct aunhdr *ah, size_t len) struct iphdr *ip = skb->nh.iph; unsigned char stn = ntohl(ip->saddr) & 0xff; struct sock *sk; + struct dst_entry *dst = skb->dst; + struct ec_device *edev = NULL; struct sk_buff *newskb; - struct ec_device *edev = skb->dev->ec_ptr; + + if (dst) + edev = dst->dev->ec_ptr; if (! edev) goto bad;
The following changes since commit 2ce9a046a401ab70b7719085dd1b51e2f4a56a42: Brad Figg (1): UBUNTU: Ubuntu-2.6.15-57.95 are available in the git repository at: git://kernel.ubuntu.com/ogasawara/ubuntu-dapper.git CVE-2010-4342 David S. Miller (1): econet: Fix crash in aun_incoming(). CVE-2010-4342 net/econet/af_econet.c | 6 +++++- 1 files changed, 5 insertions(+), 1 deletions(-) From fcc3cf92b02691d932ebb28d01da00b528a71fe0 Mon Sep 17 00:00:00 2001 From: David S. Miller <davem@davemloft.net> Date: Wed, 8 Dec 2010 18:42:23 -0800 Subject: [PATCH] econet: Fix crash in aun_incoming(). CVE-2010-4342 CVE-2010-4342 BugLink: http://bugs.launchpad.net/bugs/736394 Unconditional use of skb->dev won't work here, try to fetch the econet device via skb_dst()->dev instead. Suggested by Eric Dumazet. Reported-by: Nelson Elhage <nelhage@ksplice.com> Tested-by: Nelson Elhage <nelhage@ksplice.com> Signed-off-by: David S. Miller <davem@davemloft.net> (backport of upstream commit 4e085e76cbe558b79b54cbab772f61185879bc64) Signed-off-by: Leann Ogasawara <leann.ogasawara@canonical.com> --- net/econet/af_econet.c | 6 +++++- 1 files changed, 5 insertions(+), 1 deletions(-)