| Submitter | Tim Gardner |
|---|---|
| Date | Feb. 2, 2011, 7:03 p.m. |
| Message ID | <20110202190335.46C19F89F8@sepang.rtg.net> |
| Permalink | /patch/81517/ |
| State | Accepted |
| Delegated to: | Stefan Bader |
Pull-request
git://kernel.ubuntu.com/rtg/ubuntu-hardy.git CVE-2010-3880

Comments

Postpone this one for a bit. The custom binary openvz flavour is failing.

rtg
The following changes since commit 093c92021633ce7cb8f884704215eff5a0616c50:

  Kulikov Vasiliy (1):
        net: tipc: fix information leak to userland, CVE-2010-3877

are available in the git repository at:

  git://kernel.ubuntu.com/rtg/ubuntu-hardy.git CVE-2010-3880

Nelson Elhage (1):
      inet_diag: Make sure we actually run the same bytecode we audited, CVE-2010-3880

 include/net/netlink.h | 2 +-
 net/ipv4/inet_diag.c | 27 ++++++++++++++++-----------
 2 files changed, 17 insertions(+), 12 deletions(-)

From 885497675fb9365d5b38b278618fff76e3cc7938 Mon Sep 17 00:00:00 2001
From: Nelson Elhage <nelhage@ksplice.com>
Date: Wed, 3 Nov 2010 16:35:41 +0000
Subject: [PATCH] inet_diag: Make sure we actually run the same bytecode we audited, CVE-2010-3880

BugLink: http://bugs.launchpad.net/bugs/711865

CVE-2010-3880

We were using nlmsg_find_attr() to look up the bytecode by attribute when
auditing, but then just using the first attribute when actually running
bytecode. So, if we received a message with two attribute elements, where only
the second had type INET_DIAG_REQ_BYTECODE, we would validate and run different
bytecode strings.

Fix this by consistently using nlmsg_find_attr everywhere.

Signed-off-by: Nelson Elhage <nelhage@ksplice.com>
Signed-off-by: Thomas Graf <tgraf@infradead.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
(back ported from commit 22e76c849d505d87c5ecf3d3e6742a65f0ff4860)
Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
---
 include/net/netlink.h | 2 +-
 net/ipv4/inet_diag.c | 27 ++++++++++++++++-----------
 2 files changed, 17 insertions(+), 12 deletions(-)
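
The audit/run mismatch described in the commit message, modelled in user space as an added example (not code from the patch or the kernel). `struct attr`, `find_attr`, `FIRST_ANY`, `audit_matches_run` and the sample message are hypothetical names and constructed data, assuming a simplified 4-byte attribute header.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified user-space model of a netlink attribute; not the kernel's code. */
struct attr { uint16_t len, type; };   /* len = header + payload bytes */
#define ALIGN4(n) (((n) + 3u) & ~3u)
#define REQ_BYTECODE 1                  /* stands in for INET_DIAG_REQ_BYTECODE */
#define FIRST_ANY (-1)                  /* pre-fix run path: first attribute, type ignored */

/* Bounds-checked walk; with a real type this plays the role of nlmsg_find_attr(). */
static const uint8_t *find_attr(const uint8_t *buf, size_t n, int type, size_t *plen)
{
    size_t off = 0;
    while (off <= n && n - off >= sizeof(struct attr)) {
        struct attr a;
        memcpy(&a, buf + off, sizeof a);
        if (a.len < sizeof a || a.len > n - off) return NULL;  /* malformed: stop */
        if (type == FIRST_ANY || a.type == type) {
            *plen = a.len - sizeof a;
            return buf + off + sizeof a;
        }
        off += ALIGN4(a.len);
    }
    return NULL;
}

/* Returns 1 when the bytes that were audited are the bytes that would be run. */
static int audit_matches_run(const uint8_t *buf, size_t n, int fixed)
{
    size_t alen = 0, rlen = 0;
    const uint8_t *audited = find_attr(buf, n, REQ_BYTECODE, &alen);
    const uint8_t *run = find_attr(buf, n, fixed ? REQ_BYTECODE : FIRST_ANY, &rlen);
    return audited && audited == run && alen == rlen;
}

/* Constructed sample message: another attribute type first, bytecode attribute second. */
static const struct { struct attr a; uint8_t pa[4]; struct attr b; uint8_t pb[4]; }
sample = { { 8, 0 }, { 'A', 'A', 'A', 'A' }, { 8, REQ_BYTECODE }, { 'B', 'B', 'B', 'B' } };

int main(void)
{
    const uint8_t *m = (const uint8_t *)&sample;
    printf("pre-fix audited==run: %d\n", audit_matches_run(m, sizeof sample, 0));
    printf("fixed   audited==run: %d\n", audit_matches_run(m, sizeof sample, 1));
    return 0;
}
```

A message that carries only the bytecode attribute passes in both modes, which is why the inconsistency only shows up when another attribute precedes it.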