Patchwork [00/11,lucid/master] CVE-2010-4251 v2

login
register
mail settings
Submitter Paolo Pisati
Date July 12, 2011, 3:51 p.m.
Message ID <4E1C6D6A.7070308@canonical.com>
Download mbox
Permalink /patch/104405/
State New
Headers show

Pull-request

git://kernel.ubuntu.com/ppisati/ubuntu-lucid.git master-next

Comments

Paolo Pisati - July 12, 2011, 3:51 p.m.
On 07/12/2011 11:01 AM, Stefan Bader wrote:
> On 11.07.2011 18:14, Tim Gardner wrote:
>> On 07/11/2011 10:03 AM, Paolo Pisati wrote:
>>> On 07/11/2011 05:23 PM, Tim Gardner wrote:
>>>>
>>>> While researching these patches I stumbled across some further analysis
>>>> of this vulnerability by Eugene Teo at
>>>> https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4251 in which he
>>>> includes a 2.6.35 patch from Eric Duzamet which really, really fixes the
>>>> problem.
>>>
>>> you mean c377411f24 ("net: sk_add_backlog() take rmem_alloc into
>>> account")? saw that, and is handled in another CVE in our db
>>> (CVE-2010-4805), so i wanted to issue a subsequent pull.
>>>
>>
>> Since both CVEs address the same issue, I wonder if we shouldn't just fix them
>> in the same patch set. Perhaps mark CVE-2010-4251 as a duplicate of CVE-2010-4805 ?
>>
>> rtg
> 
> If it really is the same patch fixing both, it would be possible to have both
> cves referenced there. As it sounds like they got another cve number for fixing
> the fix it sounds more like a matter of submission.
> It should work if Paolo marked the respective patches with the matching cve but
> submitted them as one review. And anything prerequisite gets the cve number of
> whatever was the first that needed it to apply...

let's do it in a single pull, shall we?

The following changes since commit 24292e1c2aa8faa18b39e090a5c41cc51626e069:

  Linux 2.6.32.42+drm33.19 (2011-07-08 06:51:06 -0600)

are available in the git repository at:
  git://kernel.ubuntu.com/ppisati/ubuntu-lucid.git master-next

Eric Dumazet (4):
      ipv6: udp: Optimise multicast reception
      ipv4: udp: Optimise multicast reception
      udp: multicast RX should increment SNMP/sk_drops counter in
allocation failures CVE-2010-4251
      net: sk_add_backlog() take rmem_alloc into account CVE-2010-4805

Zhu Yi (8):
      net: add limit for socket backlog CVE-2010-4251
      tcp: use limited socket backlog CVE-2010-4251
      udp: use limited socket backlog CVE-2010-4251
      llc: use limited socket backlog CVE-2010-4251
      sctp: use limited socket backlog CVE-2010-4251
      tipc: use limited socket backlog CVE-2010-4251
      x25: use limited socket backlog CVE-2010-4251
      net: backlog functions rename CVE-2010-4251

 include/net/sock.h       |   26 +++++++++++-
 net/core/sock.c          |   19 ++++++++-
 net/dccp/minisocks.c     |    2 +-
 net/ipv4/tcp_ipv4.c      |    6 ++-
 net/ipv4/tcp_minisocks.c |    2 +-
 net/ipv4/udp.c           |   96
++++++++++++++++++++++++++++++++-------------
 net/ipv6/tcp_ipv6.c      |    6 ++-
 net/ipv6/udp.c           |   97
+++++++++++++++++++++++++++++++++------------
 net/llc/llc_c_ac.c       |    2 +-
 net/llc/llc_conn.c       |    3 +-
 net/sctp/input.c         |   42 +++++++++++++-------
 net/tipc/socket.c        |    6 ++-
 net/x25/x25_dev.c        |    2 +-
 13 files changed, 225 insertions(+), 84 deletions(-)

Same as the previous patch series, plus the 2010-4805 patch.
Tim Gardner - July 12, 2011, 5:56 p.m.
On 07/12/2011 09:51 AM, Paolo Pisati wrote:
> On 07/12/2011 11:01 AM, Stefan Bader wrote:
>> On 11.07.2011 18:14, Tim Gardner wrote:
>>> On 07/11/2011 10:03 AM, Paolo Pisati wrote:
>>>> On 07/11/2011 05:23 PM, Tim Gardner wrote:
>>>>>
>>>>> While researching these patches I stumbled across some further analysis
>>>>> of this vulnerability by Eugene Teo at
>>>>> https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2010-4251 in which he
>>>>> includes a 2.6.35 patch from Eric Duzamet which really, really fixes the
>>>>> problem.
>>>>
>>>> you mean c377411f24 ("net: sk_add_backlog() take rmem_alloc into
>>>> account")? saw that, and is handled in another CVE in our db
>>>> (CVE-2010-4805), so i wanted to issue a subsequent pull.
>>>>
>>>
>>> Since both CVEs address the same issue, I wonder if we shouldn't just fix them
>>> in the same patch set. Perhaps mark CVE-2010-4251 as a duplicate of CVE-2010-4805 ?
>>>
>>> rtg
>>
>> If it really is the same patch fixing both, it would be possible to have both
>> cves referenced there. As it sounds like they got another cve number for fixing
>> the fix it sounds more like a matter of submission.
>> It should work if Paolo marked the respective patches with the matching cve but
>> submitted them as one review. And anything prerequisite gets the cve number of
>> whatever was the first that needed it to apply...
>
> let's do it in a single pull, shall we?
>
> The following changes since commit 24292e1c2aa8faa18b39e090a5c41cc51626e069:
>
>    Linux 2.6.32.42+drm33.19 (2011-07-08 06:51:06 -0600)
>
> are available in the git repository at:
>    git://kernel.ubuntu.com/ppisati/ubuntu-lucid.git master-next
>
> Eric Dumazet (4):
>        ipv6: udp: Optimise multicast reception
>        ipv4: udp: Optimise multicast reception
>        udp: multicast RX should increment SNMP/sk_drops counter in
> allocation failures CVE-2010-4251
>        net: sk_add_backlog() take rmem_alloc into account CVE-2010-4805
>
> Zhu Yi (8):
>        net: add limit for socket backlog CVE-2010-4251
>        tcp: use limited socket backlog CVE-2010-4251
>        udp: use limited socket backlog CVE-2010-4251
>        llc: use limited socket backlog CVE-2010-4251
>        sctp: use limited socket backlog CVE-2010-4251
>        tipc: use limited socket backlog CVE-2010-4251
>        x25: use limited socket backlog CVE-2010-4251
>        net: backlog functions rename CVE-2010-4251
>
>   include/net/sock.h       |   26 +++++++++++-
>   net/core/sock.c          |   19 ++++++++-
>   net/dccp/minisocks.c     |    2 +-
>   net/ipv4/tcp_ipv4.c      |    6 ++-
>   net/ipv4/tcp_minisocks.c |    2 +-
>   net/ipv4/udp.c           |   96
> ++++++++++++++++++++++++++++++++-------------
>   net/ipv6/tcp_ipv6.c      |    6 ++-
>   net/ipv6/udp.c           |   97
> +++++++++++++++++++++++++++++++++------------
>   net/llc/llc_c_ac.c       |    2 +-
>   net/llc/llc_conn.c       |    3 +-
>   net/sctp/input.c         |   42 +++++++++++++-------
>   net/tipc/socket.c        |    6 ++-
>   net/x25/x25_dev.c        |    2 +-
>   13 files changed, 225 insertions(+), 84 deletions(-)
>
> Same as the previous patch series, plus the 2010-4805 patch.
>