authorNicolai Stange <nstange@suse.de>2019-03-06 14:47:25 +0100
committerNicolai Stange <nstange@suse.de>2019-03-06 14:47:25 +0100
commitf0e6112825ec322fb1725c0395d169b29a308db7 (patch)
tree99f9cc223a6341b369f982ccdee6b88924d17f6b
parent4c9eb70c86cceee420856573ea1e21835c92980b (diff)
Fix for CVE-2019-8912 ("af_alg_release() in crypto/af_alg.c neglects to set a NULL value for a certain structure member, which leads to a use-after-free in sockfs_setattr")
Live patch for CVE-2019-8912. Upstream commit 9060cb719e61 ("net: crypto set sk to NULL when af_alg_release."). KLP: CVE-2019-8912 References: bsc#1126284 CVE-2019-8912 Signed-off-by: Nicolai Stange <nstange@suse.de>
-rw-r--r--bsc1126284/livepatch_bsc1126284.c66
-rw-r--r--bsc1126284/livepatch_bsc1126284.h12
-rw-r--r--bsc1126284/patched_funcs.csv1
3 files changed, 79 insertions, 0 deletions
diff --git a/bsc1126284/livepatch_bsc1126284.c b/bsc1126284/livepatch_bsc1126284.c
new file mode 100644
index 0000000..b49f9b5
--- /dev/null
+++ b/bsc1126284/livepatch_bsc1126284.c
@@ -0,0 +1,66 @@
+/*
+ * livepatch_bsc1126284
+ *
+ * Fix for CVE-2019-8912, bsc#1126284
+ *
+ * Upstream commit:
+ * 9060cb719e61 ("net: crypto set sk to NULL when af_alg_release.")
+ *
+ * SLE12(-SP1) commit:
+ * not affected
+ *
+ * SLE12-SP2 commit:
+ * not affected
+ *
+ * SLE12-SP3 commit:
+ * not affected
+ *
+ * SLE12-SP4 commit:
+ * 9863801ecea339cdc5196b28f4f69a866265b3da
+ *
+ * SLE15 commit:
+ * 9863801ecea339cdc5196b28f4f69a866265b3da
+ *
+ *
+ * Copyright (c) 2019 SUSE
+ * Author: Nicolai Stange <nstange@suse.de>
+ *
+ * Based on the original Linux kernel code. Other copyrights apply.
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include <linux/kernel.h>
+#include <linux/net.h>
+#include <net/sock.h>
+#include "livepatch_bsc1126284.h"
+
+#if !IS_MODULE(CONFIG_CRYPTO_USER_API)
+#error "Live patch supports only CONFIG_CRYPTO_USER_API=m"
+#endif
+
+
+/* patched */
+int klp_af_alg_release(struct socket *sock)
+{
+ /*
+ * Fix CVE-2019-8912
+ * -2 lines, +4 lines
+ */
+ if (sock->sk) {
+ sock_put(sock->sk);
+ sock->sk = NULL;
+ }
+ return 0;
+}
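Review bot: In `klp_af_alg_release`, the `sock->sk = NULL` assignment after `sock_put()` is a plain store with no lock or barrier visible in the function. A reader that loaded `sock->sk` just before the store (the commit title names `sockfs_setattr`) could therefore still dereference the sock after the reference is dropped. Whether something outside this hunk serializes release against that reader cannot be seen here, so it is worth confirming and recording in the comment. The existing comment gives only line counts; I would replace it with the reason, e.g. `/* Clear sk after dropping the ref so the socket inode no longer exposes a pointer to a freed sock (CVE-2019-8912). */`.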
diff --git a/bsc1126284/livepatch_bsc1126284.h b/bsc1126284/livepatch_bsc1126284.h
new file mode 100644
index 0000000..fca0e97
--- /dev/null
+++ b/bsc1126284/livepatch_bsc1126284.h
@@ -0,0 +1,12 @@
+#ifndef _LIVEPATCH_BSC1126284_H
+#define _LIVEPATCH_BSC1126284_H
+
+static inline int livepatch_bsc1126284_init(void) { return 0; }
+static inline void livepatch_bsc1126284_cleanup(void) {}
+
+
+struct socket;
+
+int klp_af_alg_release(struct socket *sock);
+
+#endif /* _LIVEPATCH_BSC1126284_H */
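Review bot: The prototype for `klp_af_alg_release` has no comment saying which kernel function it replaces, so a reader of the header has to consult patched_funcs.csv to learn that. I would add `/* Live patch replacement for af_alg_release() in the af_alg module (CVE-2019-8912). */` above the declaration. The empty `livepatch_bsc1126284_init`/`livepatch_bsc1126284_cleanup` stubs would also benefit from a one-line note that this patch needs no setup or teardown.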
diff --git a/bsc1126284/patched_funcs.csv b/bsc1126284/patched_funcs.csv
new file mode 100644
index 0000000..7951bc9
--- /dev/null
+++ b/bsc1126284/patched_funcs.csv
@@ -0,0 +1 @@
+af_alg af_alg_release klp_af_alg_release