From patchwork Thu Feb 17 18:00:43 2011 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tim Gardner X-Patchwork-Id: 83463 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from chlorine.canonical.com (chlorine.canonical.com [91.189.94.204]) by ozlabs.org (Postfix) with ESMTP id 98EFFB7126 for ; Fri, 18 Feb 2011 05:00:59 +1100 (EST) Received: from localhost ([127.0.0.1] helo=chlorine.canonical.com) by chlorine.canonical.com with esmtp (Exim 4.71) (envelope-from ) id 1Pq89t-0001yN-03; Thu, 17 Feb 2011 18:00:53 +0000 Received: from mail.tpi.com ([70.99.223.143]) by chlorine.canonical.com with esmtp (Exim 4.71) (envelope-from ) id 1Pq89o-0001wF-SM for kernel-team@lists.ubuntu.com; Thu, 17 Feb 2011 18:00:49 +0000 Received: from sepang.rtg.net (unknown [10.0.2.5]) by mail.tpi.com (Postfix) with ESMTP id E5F7F29C78F for ; Thu, 17 Feb 2011 10:00:25 -0800 (PST) Received: by sepang.rtg.net (Postfix, from userid 1000) id 9D53DF89F8; Thu, 17 Feb 2011 11:00:43 -0700 (MST) To: kernel-team@lists.ubuntu.com Subject: Karmic CVE: tty: Make tiocgicount a handler, CVE-2010-4076 Message-Id: <20110217180043.9D53DF89F8@sepang.rtg.net> Date: Thu, 17 Feb 2011 11:00:43 -0700 (MST) From: timg@tpi.com (Tim Gardner) X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.13 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Sender: kernel-team-bounces@lists.ubuntu.com Errors-To: kernel-team-bounces@lists.ubuntu.com The following changes since commit 9c40f6a021668061c2bcfaf2e74c1596eee74cd0: Tim Gardner (1): UBUNTU: Bump ABI are available in the git repository at: git://kernel.ubuntu.com/rtg/ubuntu-karmic.git CVE-2010-4076 Alan Cox (1): tty: Make tiocgicount a handler, CVE-2010-4076 drivers/char/tty_io.c | 21 +++++++++++++++++++++ drivers/serial/serial_core.c | 37 +++++++++++++++++-------------------- drivers/usb/serial/usb-serial.c | 13 +++++++++++++ include/linux/tty_driver.h | 9 +++++++++ include/linux/usb/serial.h | 2 ++ 5 files changed, 62 insertions(+), 20 deletions(-) From 807e98d20e26876bb0fa003d8d9b32428a8d8b97 Mon Sep 17 00:00:00 2001 From: Alan Cox Date: Thu, 16 Sep 2010 18:21:24 +0100 Subject: [PATCH] tty: Make tiocgicount a handler, CVE-2010-4076 BugLink: http://bugs.launchpad.net/bugs/720189 CVE-2010-4076 Dan Rosenberg noted that various drivers return the struct with uncleared fields. Instead of spending forever trying to stomp all the drivers that get it wrong (and every new driver) do the job in one place. This first patch adds the needed operations and hooks them up, including the needed USB midlayer and serial core plumbing. Signed-off-by: Alan Cox Signed-off-by: Greg Kroah-Hartman (cherry picked from commit d281da7ff6f70efca0553c288bb883e8605b3862) Signed-off-by: Tim Gardner Acked-by: Stefan Bader Acked-by: Brad Figg --- drivers/char/tty_io.c | 21 +++++++++++++++++++++ drivers/serial/serial_core.c | 37 +++++++++++++++++-------------------- drivers/usb/serial/usb-serial.c | 13 +++++++++++++ include/linux/tty_driver.h | 9 +++++++++ include/linux/usb/serial.h | 2 ++ 5 files changed, 62 insertions(+), 20 deletions(-)