authorGreg Kroah-Hartman <gregkh@suse.de>2008-06-06 23:55:22 +0000
committerGreg Kroah-Hartman <gregkh@suse.de>2008-06-06 23:55:22 +0000
commit3aabaf02d4c1087e1281cb15a44505b15951eb12 (patch)
tree686ed0a49867eb8b9504bee6c1b712f530c8e43c
parent8b530aeee9b06e05cfa1614eeab1bf07ac201dcd (diff)
- fixes CVE-2008-1673
-rw-r--r--kernel-source.changes6
-rw-r--r--patches.kernel.org/patch-2.6.25.4-596
-rw-r--r--series.conf1
3 files changed, 103 insertions, 0 deletions
diff --git a/kernel-source.changes b/kernel-source.changes
index cffecbeddb..5b1aa31cd9 100644
--- a/kernel-source.changes
+++ b/kernel-source.changes
@@ -1,4 +1,10 @@
-------------------------------------------------------------------
+Sat Jun 7 01:51:16 CEST 2008 - gregkh@suse.de
+
+- Update to 2.6.25.5.
+ - fixes CVE-2008-1673
+
+-------------------------------------------------------------------
Fri Jun 6 12:15:17 CEST 2008 - tiwai@suse.de
- add missing patches.rt/ftrace-add-nr_syscalls.patch for fixing
diff --git a/patches.kernel.org/patch-2.6.25.4-5 b/patches.kernel.org/patch-2.6.25.4-5
new file mode 100644
index 0000000000..bbc3509ca8
--- /dev/null
+++ b/patches.kernel.org/patch-2.6.25.4-5
@@ -0,0 +1,96 @@
+From: Greg Kroah-Hartman <gregkh@suse.de>
+Subject: Linux 2.6.25.5
+
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+diff --git a/Makefile b/Makefile
+index d921f0b..c5208db 100644
+--- a/Makefile
++++ b/Makefile
+@@ -1,7 +1,7 @@
+ VERSION = 2
+ PATCHLEVEL = 6
+ SUBLEVEL = 25
+-EXTRAVERSION = .4
++EXTRAVERSION = .5
+ NAME = Funky Weasel is Jiggy wit it
+
+ # *DOCUMENTATION*
+diff --git a/fs/cifs/asn1.c b/fs/cifs/asn1.c
+index bcda2c6..5dbba89 100644
+--- a/fs/cifs/asn1.c
++++ b/fs/cifs/asn1.c
+@@ -186,6 +186,11 @@ asn1_length_decode(struct asn1_ctx *ctx, unsigned int *def, unsigned int *len)
+ }
+ }
+ }
++
++ /* don't trust len bigger than ctx buffer */
++ if (*len > ctx->end - ctx->pointer)
++ return 0;
++
+ return 1;
+ }
+
+@@ -203,6 +208,10 @@ asn1_header_decode(struct asn1_ctx *ctx,
+ if (!asn1_length_decode(ctx, &def, &len))
+ return 0;
+
++ /* primitive shall be definite, indefinite shall be constructed */
++ if (*con == ASN1_PRI && !def)
++ return 0;
++
+ if (def)
+ *eoc = ctx->pointer + len;
+ else
+@@ -389,6 +398,11 @@ asn1_oid_decode(struct asn1_ctx *ctx,
+ unsigned long *optr;
+
+ size = eoc - ctx->pointer + 1;
++
++ /* first subid actually encodes first two subids */
++ if (size < 2 || size > ULONG_MAX/sizeof(unsigned long))
++ return 0;
++
+ *oid = kmalloc(size * sizeof(unsigned long), GFP_ATOMIC);
+ if (*oid == NULL)
+ return 0;
+diff --git a/net/ipv4/netfilter/nf_nat_snmp_basic.c b/net/ipv4/netfilter/nf_nat_snmp_basic.c
+index 540ce6a..5f35f0b 100644
+--- a/net/ipv4/netfilter/nf_nat_snmp_basic.c
++++ b/net/ipv4/netfilter/nf_nat_snmp_basic.c
+@@ -231,6 +231,11 @@ static unsigned char asn1_length_decode(struct asn1_ctx *ctx,
+ }
+ }
+ }
++
++ /* don't trust len bigger than ctx buffer */
++ if (*len > ctx->end - ctx->pointer)
++ return 0;
++
+ return 1;
+ }
+
+@@ -249,6 +254,10 @@ static unsigned char asn1_header_decode(struct asn1_ctx *ctx,
+ if (!asn1_length_decode(ctx, &def, &len))
+ return 0;
+
++ /* primitive shall be definite, indefinite shall be constructed */
++ if (*con == ASN1_PRI && !def)
++ return 0;
++
+ if (def)
+ *eoc = ctx->pointer + len;
+ else
+@@ -433,6 +442,11 @@ static unsigned char asn1_oid_decode(struct asn1_ctx *ctx,
+ unsigned long *optr;
+
+ size = eoc - ctx->pointer + 1;
++
++ /* first subid actually encodes first two subids */
++ if (size < 2 || size > ULONG_MAX/sizeof(unsigned long))
++ return 0;
++
+ *oid = kmalloc(size * sizeof(unsigned long), GFP_ATOMIC);
+ if (*oid == NULL) {
+ if (net_ratelimit())
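Review bot: The new length bound in asn1_length_decode, `if (*len > ctx->end - ctx->pointer)`, compares an unsigned int with a signed pointer difference, so it is only sound while ctx->pointer never runs past ctx->end; nothing in the visible lines states that invariant, and on a 32-bit build a negative difference would presumably convert to a large unsigned value and let any length through. The same line appears in both copies of the decoder (fs/cifs/asn1.c and net/ipv4/netfilter/nf_nat_snmp_basic.c), so once the invariant is confirmed I would record it in each, e.g. `/* ctx->pointer <= ctx->end here, so the remaining byte count is non-negative */`. In asn1_oid_decode the comment explains only the `size < 2` half of the test; the `size > ULONG_MAX/sizeof(unsigned long)` half guards the kmalloc multiplication, and whether it can ever trigger depends on the type of size, which is declared outside the hunk. All three functions begin before their hunks, so how callers handle the new 0 returns is not visible here.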
diff --git a/series.conf b/series.conf
index bdab176cef..81ec0b203f 100644
--- a/series.conf
+++ b/series.conf
@@ -31,6 +31,7 @@
patches.kernel.org/patch-2.6.25.1-2
patches.kernel.org/patch-2.6.25.2-3
patches.kernel.org/patch-2.6.25.3-4
+ patches.kernel.org/patch-2.6.25.4-5
########################################################
# Build fixes that apply to the vanilla kernel too.