CVE-2014-2678 net: rds: deref of NULL dev in rds_iw_laddr_check (rhbz 1083274 1083280)

2014-04-01 16:05:48 -04:00 · 2014-04-01 16:05:48 -04:00 · 0a005ac427
parent 6994f1662a
commit 0a005ac427
2 changed files with 41 additions and 0 deletions
--- a/kernel.spec
+++ b/kernel.spec
@ -787,6 +787,10 @@ Patch25052: net-xen-netback-disable-rogue-vif-in-kthread-context.patch
 #will go upstream for 3.15, and will be backported to stable releases
 Patch25053: input-cypress_ps2-Don-t-report-the-cypress-PS-2-trac.patch

+#CVE-2014-2678 rhbz 1083274 1083280
+Patch25054: rds-prevent-dereference-of-a-NULL-device-in-rds_iw_laddr_check.patch
+
+
 # END OF PATCH DEFINITIONS

 %endif
@ -1519,6 +1523,9 @@ ApplyPatch net-xen-netback-disable-rogue-vif-in-kthread-context.patch
 #https://bugs.freedesktop.org/show_bug.cgi?id=76341
 ApplyPatch input-cypress_ps2-Don-t-report-the-cypress-PS-2-trac.patch

+#CVE-2014-2678 rhbz 1083274 1083280
+ApplyPatch rds-prevent-dereference-of-a-NULL-device-in-rds_iw_laddr_check.patch
+
 # END OF PATCH APPLICATIONS

 %endif
@ -2331,6 +2338,9 @@ fi
 # and build.

 %changelog
+* Tue Apr 01 2014 Josh Boyer <jwboyer@fedoraproject.org>
+- CVE-2014-2678 net: rds: deref of NULL dev in rds_iw_laddr_check (rhbz 1083274 1083280)
+
 * Mon Mar 31 2014 Justin M. Forbes <jforbes@fedoraproject.org> - 3.13.8-100
 - Linux v3.13.8

--- a/rds-prevent-dereference-of-a-NULL-device-in-rds_iw_laddr_check.patch
+++ b/rds-prevent-dereference-of-a-NULL-device-in-rds_iw_laddr_check.patch
@ -0,0 +1,31 @@
+Bugzilla: 1083280
+Upstream-status: Queued for 3.15
+
+From bf39b4247b8799935ea91d90db250ab608a58e50 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sasha.levin@oracle.com>
+Date: Sat, 29 Mar 2014 20:39:35 -0400
+Subject: rds: prevent dereference of a NULL device in rds_iw_laddr_check
+
+Binding might result in a NULL device which is later dereferenced
+without checking.
+
+Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+
+diff --git a/net/rds/iw.c b/net/rds/iw.c
+index 7826d46..5899356 100644
+--- a/net/rds/iw.c
+++ b/net/rds/iw.c
+@@ -239,7 +239,8 @@ static int rds_iw_laddr_check(__be32 addr)
+ 	ret = rdma_bind_addr(cm_id, (struct sockaddr *)&sin);
+ 	/* due to this, we will claim to support IB devices unless we
+ 	   check node_type. */
+-	if (ret || cm_id->device->node_type != RDMA_NODE_RNIC)
+	if (ret || !cm_id->device ||
+	    cm_id->device->node_type != RDMA_NODE_RNIC)
+ 		ret = -EADDRNOTAVAIL;
+ 
+ 	rdsdebug("addr %pI4 ret %d node type %d\n",
+-- 
+cgit v0.10.1
+