diff options
author | Paul Gortmaker <paul.gortmaker@windriver.com> | 2011-06-26 15:29:58 -0400 |
---|---|---|
committer | Paul Gortmaker <paul.gortmaker@windriver.com> | 2011-06-26 15:29:58 -0400 |
commit | 99cee4ac2a5d9e3c83594ccd7e137e144b103595 (patch) | |
tree | bceacf5db7d6feaa22a23694768f6b2fd1c6bbc9 | |
parent | ad9b522b29e813b29676de16a24cdcc90720e2d0 (diff) | |
download | longterm-queue-2.6.34-99cee4ac2a5d9e3c83594ccd7e137e144b103595.tar.gz |
add two CAN CVE patches
Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
-rw-r--r-- | queue/can-Add-missing-socket-check-in-can-bcm-release.patch | 37 | ||||
-rw-r--r-- | queue/can-add-missing-socket-check-in-can-raw-release.patch | 39 | ||||
-rw-r--r-- | queue/series | 3 |
3 files changed, 79 insertions, 0 deletions
diff --git a/queue/can-Add-missing-socket-check-in-can-bcm-release.patch b/queue/can-Add-missing-socket-check-in-can-bcm-release.patch new file mode 100644 index 0000000..1b7d976 --- /dev/null +++ b/queue/can-Add-missing-socket-check-in-can-bcm-release.patch @@ -0,0 +1,37 @@ +From 3acf1e0adee3d409e811762b0b8da99634cb6ec4 Mon Sep 17 00:00:00 2001 +From: Dave Jones <davej@redhat.com> +Date: Tue, 19 Apr 2011 20:36:59 -0700 +Subject: [PATCH] can: Add missing socket check in can/bcm release. + +commit c6914a6f261aca0c9f715f883a353ae7ff51fe83 upstream. + +We can get here with a NULL socket argument passed from userspace, +so we need to handle it accordingly. + +Signed-off-by: Dave Jones <davej@redhat.com> +Signed-off-by: David S. Miller <davem@davemloft.net> +Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com> + +diff --git a/net/can/bcm.c b/net/can/bcm.c +index dd23fb1..a6445fd 100644 +--- a/net/can/bcm.c ++++ b/net/can/bcm.c +@@ -1426,9 +1426,14 @@ static int bcm_init(struct sock *sk) + static int bcm_release(struct socket *sock) + { + struct sock *sk = sock->sk; +- struct bcm_sock *bo = bcm_sk(sk); ++ struct bcm_sock *bo; + struct bcm_op *op, *next; + ++ if (sk == NULL) ++ return 0; ++ ++ bo = bcm_sk(sk); ++ + /* remove bcm_ops, timer, rx_unregister(), etc. */ + + unregister_netdevice_notifier(&bo->notifier); +-- +1.7.4.4 + diff --git a/queue/can-add-missing-socket-check-in-can-raw-release.patch b/queue/can-add-missing-socket-check-in-can-raw-release.patch new file mode 100644 index 0000000..9a2d41a --- /dev/null +++ b/queue/can-add-missing-socket-check-in-can-raw-release.patch @@ -0,0 +1,39 @@ +From 40352df517ac43e9b43bbf380fe55a6198984d71 Mon Sep 17 00:00:00 2001 +From: Oliver Hartkopp <socketcan@hartkopp.net> +Date: Wed, 20 Apr 2011 01:57:15 +0000 +Subject: [PATCH] can: add missing socket check in can/raw release + +commit 10022a6c66e199d8f61d9044543f38785713cbbd upstream. + +v2: added space after 'if' according code style. + +We can get here with a NULL socket argument passed from userspace, +so we need to handle it accordingly. + +Thanks to Dave Jones pointing at this issue in net/can/bcm.c + +Signed-off-by: Oliver Hartkopp <socketcan@hartkopp.net> +Signed-off-by: David S. Miller <davem@davemloft.net> +Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com> + +diff --git a/net/can/raw.c b/net/can/raw.c +index da99cf1..9dd45ea 100644 +--- a/net/can/raw.c ++++ b/net/can/raw.c +@@ -281,7 +281,12 @@ static int raw_init(struct sock *sk) + static int raw_release(struct socket *sock) + { + struct sock *sk = sock->sk; +- struct raw_sock *ro = raw_sk(sk); ++ struct raw_sock *ro; ++ ++ if (!sk) ++ return 0; ++ ++ ro = raw_sk(sk); + + unregister_netdevice_notifier(&ro->notifier); + +-- +1.7.4.4 + diff --git a/queue/series b/queue/series index 28302b0..edfc310 100644 --- a/queue/series +++ b/queue/series @@ -9,3 +9,6 @@ aio-wake-all-waiters-when-destroying-ctx.patch # Content taken from v2.6.32.40 next_pidmap-fix-overflow-condition.patch proc-do-proper-range-check-on-readdir-offset.patch +can-Add-missing-socket-check-in-can-bcm-release.patch +can-add-missing-socket-check-in-can-raw-release.patch + |