CVE-2015-8569 info leak from getsockname (rhbz 1292045 1292047)

This commit is contained in:
Josh Boyer 2015-12-17 08:16:06 -05:00
parent c7cc20ad82
commit 3440fd73da
2 changed files with 45 additions and 0 deletions

View File

@ -625,6 +625,9 @@ Patch590: 0014-mfd-intel-lpss-Pass-SDA-hold-time-to-I2C-host-contro.patch
Patch591: 0015-mfd-intel-lpss-Pass-HSUART-configuration-via-propert.patch
Patch592: 0016-i2c-designware-Convert-to-use-unified-device-propert.patch
#CVE-2015-8569 rhbz 1292045 1292047
Patch600: pptp-verify-sockaddr_len-in-pptp_bind-and-pptp_conne.patch
# END OF PATCH DEFINITIONS
%endif
@ -2068,6 +2071,9 @@ fi
#
#
%changelog
* Thu Dec 17 2015 Josh Boyer <jwboyer@fedoraproject.org>
- CVE-2015-8569 info leak from getsockname (rhbz 1292045 1292047)
* Wed Dec 16 2015 Laura Abbott <labbott@redhat.com>
- Enable a set of RDMA drivers (rhbz 1291902)

View File

@ -0,0 +1,39 @@
From 16c5a158e97d5b1f6c8bf86b006c1349f025d4e0 Mon Sep 17 00:00:00 2001
From: WANG Cong <xiyou.wangcong@gmail.com>
Date: Mon, 14 Dec 2015 13:48:36 -0800
Subject: [PATCH] pptp: verify sockaddr_len in pptp_bind() and pptp_connect()
Reported-by: Dmitry Vyukov <dvyukov@gmail.com>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
---
drivers/net/ppp/pptp.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/drivers/net/ppp/pptp.c b/drivers/net/ppp/pptp.c
index fc69e41d0950..597c53e0a2ec 100644
--- a/drivers/net/ppp/pptp.c
+++ b/drivers/net/ppp/pptp.c
@@ -419,6 +419,9 @@ static int pptp_bind(struct socket *sock, struct sockaddr *uservaddr,
struct pptp_opt *opt = &po->proto.pptp;
int error = 0;
+ if (sockaddr_len < sizeof(struct sockaddr_pppox))
+ return -EINVAL;
+
lock_sock(sk);
opt->src_addr = sp->sa_addr.pptp;
@@ -440,6 +443,9 @@ static int pptp_connect(struct socket *sock, struct sockaddr *uservaddr,
struct flowi4 fl4;
int error = 0;
+ if (sockaddr_len < sizeof(struct sockaddr_pppox))
+ return -EINVAL;
+
if (sp->sa_protocol != PX_PROTO_PPTP)
return -EINVAL;
--
2.5.0