CVE-2015-8575 information leak in sco_sock_bind (rhbz 1292840 1292841)
This commit is contained in:
parent
d0296447ec
commit
5f33e10fd2
|
@ -0,0 +1,27 @@
|
|||
From 5233252fce714053f0151680933571a2da9cbfb4 Mon Sep 17 00:00:00 2001
|
||||
From: "David S. Miller" <davem@davemloft.net>
|
||||
Date: Tue, 15 Dec 2015 15:39:08 -0500
|
||||
Subject: [PATCH] bluetooth: Validate socket address length in sco_sock_bind().
|
||||
|
||||
Signed-off-by: David S. Miller <davem@davemloft.net>
|
||||
---
|
||||
net/bluetooth/sco.c | 3 +++
|
||||
1 file changed, 3 insertions(+)
|
||||
|
||||
diff --git a/net/bluetooth/sco.c b/net/bluetooth/sco.c
|
||||
index fe129663bd3f..f52bcbf2e58c 100644
|
||||
--- a/net/bluetooth/sco.c
|
||||
+++ b/net/bluetooth/sco.c
|
||||
@@ -526,6 +526,9 @@ static int sco_sock_bind(struct socket *sock, struct sockaddr *addr,
|
||||
if (!addr || addr->sa_family != AF_BLUETOOTH)
|
||||
return -EINVAL;
|
||||
|
||||
+ if (addr_len < sizeof(struct sockaddr_sco))
|
||||
+ return -EINVAL;
|
||||
+
|
||||
lock_sock(sk);
|
||||
|
||||
if (sk->sk_state != BT_OPEN) {
|
||||
--
|
||||
2.5.0
|
||||
|
|
@ -671,6 +671,9 @@ Patch576: net-add-validation-for-the-socket-syscall-protocol-a.patch
|
|||
#CVE-2015-8569 rhbz 1292045 1292047
|
||||
Patch577: pptp-verify-sockaddr_len-in-pptp_bind-and-pptp_conne.patch
|
||||
|
||||
#CVE-2015-8575 rhbz 1292840 1292841
|
||||
Patch578: bluetooth-Validate-socket-address-length-in-sco_sock.patch
|
||||
|
||||
# END OF PATCH DEFINITIONS
|
||||
|
||||
%endif
|
||||
|
@ -1462,6 +1465,9 @@ ApplyPatch net-add-validation-for-the-socket-syscall-protocol-a.patch
|
|||
#CVE-2015-8569 rhbz 1292045 1292047
|
||||
ApplyPatch pptp-verify-sockaddr_len-in-pptp_bind-and-pptp_conne.patch
|
||||
|
||||
#CVE-2015-8575 rhbz 1292840 1292841
|
||||
ApplyPatch bluetooth-Validate-socket-address-length-in-sco_sock.patch
|
||||
|
||||
# END OF PATCH APPLICATIONS
|
||||
|
||||
%endif
|
||||
|
@ -2312,6 +2318,9 @@ fi
|
|||
#
|
||||
#
|
||||
%changelog
|
||||
* Fri Dec 18 2015 Josh Boyer <jwboyer@fedoraproject.org>
|
||||
- CVE-2015-8575 information leak in sco_sock_bind (rhbz 1292840 1292841)
|
||||
|
||||
* Thu Dec 17 2015 Josh Boyer <jwboyer@fedoraproject.org>
|
||||
- CVE-2015-8569 info leak from getsockname (rhbz 1292045 1292047)
|
||||
|
||||
|
|
Loading…
Reference in New Issue