From patchwork Thu Feb 17 15:58:54 2011
X-Patchwork-Submitter: Tim Gardner
X-Patchwork-Id: 83457
To: kernel-team@lists.ubuntu.com
Subject: Dapper CVE: tty: Make tiocgicount a handler, CVE-2010-4076
Message-Id: <20110217155854.2D097F89F8@sepang.rtg.net>
Date: Thu, 17 Feb 2011 08:58:54 -0700 (MST)
From: timg@tpi.com (Tim Gardner)
List-Id: Kernel team discussions

The following changes since commit 2b4d107cba9ec532e112376537273155825999cf:
  Alan Cox (1):
        bluetooth: Fix missing NULL check, CVE-2010-4242

are available in the git repository at:

  git://kernel.ubuntu.com/rtg/ubuntu-dapper.git CVE-2010-4076

Tim Gardner (1):
      tty: Make tiocgicount a handler, CVE-2010-4076

 drivers/char/tty_io.c           | 18 ++++++++++++++++++
 drivers/serial/serial_core.c    | 37 +++++++++++++++++-------------------
 drivers/usb/serial/usb-serial.c | 13 +++++++++++++
 drivers/usb/serial/usb-serial.h | 2 ++
 include/linux/tty_driver.h      | 11 +++++++++++
 5 files changed, 61 insertions(+), 20 deletions(-)

From bd52ed455730f65da02c7170591065b13b89c3b4 Mon Sep 17 00:00:00 2001
From: Tim Gardner
Date: Wed, 16 Feb 2011 13:09:41 -0700
Subject: [PATCH] tty: Make tiocgicount a handler, CVE-2010-4076

BugLink: http://bugs.launchpad.net/bugs/720189

CVE-2010-4076

Dan Rosenberg noted that various drivers return the struct with uncleared
fields. Instead of spending forever trying to stomp all the drivers that
get it wrong (and every new driver) do the job in one place.

This first patch adds the needed operations and hooks them up, including
the needed USB midlayer and serial core plumbing.

Signed-off-by: Alan Cox
Signed-off-by: Greg Kroah-Hartman
(backported from commit d281da7ff6f70efca0553c288bb883e8605b3862)
Signed-off-by: Tim Gardner
---
 drivers/char/tty_io.c           | 18 ++++++++++++++++++
 drivers/serial/serial_core.c    | 37 +++++++++++++++++-------------------
 drivers/usb/serial/usb-serial.c | 13 +++++++++++++
 drivers/usb/serial/usb-serial.h | 2 ++
 include/linux/tty_driver.h      | 11 +++++++++++
 5 files changed, 61 insertions(+), 20 deletions(-)
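
The pattern the commit message describes (clear the struct in one place, then let each driver fill only what it tracks), as an added user-space sketch that is not code from this patch. `struct icount_model`, the handler type, the partial driver and the 0xAA poison fill are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the counter struct a TIOCGICOUNT reply carries. */
struct icount_model {
    int cts, dsr, rng, dcd, rx, tx;
    int frame, overrun, parity, brk, reserved[4];
};
typedef int (*get_icount_fn)(struct icount_model *out);

/* Hypothetical driver handler that fills only the counters it tracks. */
static int partial_driver_get_icount(struct icount_model *out)
{
    out->cts = 1;
    out->rx = 42;
    out->tx = 7;
    return 0;
}

/* Bytes still holding the poison pattern: data nobody wrote for this reply. */
static size_t stale_bytes(const struct icount_model *s)
{
    const unsigned char *p = (const unsigned char *)s;
    size_t n = 0, i;
    for (i = 0; i < sizeof(*s); i++)
        n += (p[i] == 0xAA);
    return n;
}

/* Build a reply in a buffer that starts out holding stale data (0xAA is a
 * constructed stand-in). clear_first=0 models each driver filling the struct
 * on its own; clear_first=1 models one dispatcher zeroing it before the call. */
size_t leaked_bytes(get_icount_fn fn, int clear_first)
{
    struct icount_model reply;
    memset(&reply, 0xAA, sizeof(reply));
    if (clear_first)
        memset(&reply, 0, sizeof(reply));
    fn(&reply);
    return stale_bytes(&reply);
}

int main(void)
{
    printf("per-driver fill:  %zu stale bytes\n", leaked_bytes(partial_driver_get_icount, 0));
    printf("central clearing: %zu stale bytes\n", leaked_bytes(partial_driver_get_icount, 1));
    return 0;
}
```

With the clearing done by the dispatcher, a handler that forgets a field returns zeros for it instead of whatever the buffer held before.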