CVE-2013-2234 net: information leak in AF_KEY notify (rhbz 980995 981007)
This commit is contained in:
Josh Boyer
parent
c2ff806e79
commit
60a8d4c543
37
af_key-fix-info-leaks-in-notify-messages.patch
Normal file
37
af_key-fix-info-leaks-in-notify-messages.patch
Normal file
@ -0,0 +1,37 @@
|
||||
From a5cc68f3d63306d0d288f31edfc2ae6ef8ecd887 Mon Sep 17 00:00:00 2001
|
||||
From: Mathias Krause <minipli@googlemail.com>
|
||||
Date: Wed, 26 Jun 2013 21:52:30 +0000
|
||||
Subject: af_key: fix info leaks in notify messages
|
||||
|
||||
key_notify_sa_flush() and key_notify_policy_flush() miss to initialize
|
||||
the sadb_msg_reserved member of the broadcasted message and thereby
|
||||
leak 2 bytes of heap memory to listeners. Fix that.
|
||||
|
||||
Signed-off-by: Mathias Krause <minipli@googlemail.com>
|
||||
Cc: Steffen Klassert <steffen.klassert@secunet.com>
|
||||
Cc: "David S. Miller" <davem@davemloft.net>
|
||||
Cc: Herbert Xu <herbert@gondor.apana.org.au>
|
||||
Signed-off-by: David S. Miller <davem@davemloft.net>
|
||||
---
|
||||
diff --git a/net/key/af_key.c b/net/key/af_key.c
|
||||
index c5fbd75..9da8620 100644
|
||||
--- a/net/key/af_key.c
|
||||
+++ b/net/key/af_key.c
|
||||
@@ -1710,6 +1710,7 @@ static int key_notify_sa_flush(const struct km_event *c)
|
||||
hdr->sadb_msg_version = PF_KEY_V2;
|
||||
hdr->sadb_msg_errno = (uint8_t) 0;
|
||||
hdr->sadb_msg_len = (sizeof(struct sadb_msg) / sizeof(uint64_t));
|
||||
+ hdr->sadb_msg_reserved = 0;
|
||||
|
||||
pfkey_broadcast(skb, GFP_ATOMIC, BROADCAST_ALL, NULL, c->net);
|
||||
|
||||
@@ -2699,6 +2700,7 @@ static int key_notify_policy_flush(const struct km_event *c)
|
||||
hdr->sadb_msg_errno = (uint8_t) 0;
|
||||
hdr->sadb_msg_satype = SADB_SATYPE_UNSPEC;
|
||||
hdr->sadb_msg_len = (sizeof(struct sadb_msg) / sizeof(uint64_t));
|
||||
+ hdr->sadb_msg_reserved = 0;
|
||||
pfkey_broadcast(skb_out, GFP_ATOMIC, BROADCAST_ALL, NULL, c->net);
|
||||
return 0;
|
||||
|
||||
--
|
||||
cgit v0.9.2
|
||||
@ -804,6 +804,9 @@ Patch25055: ath3k-dont-use-stack-memory-for-DMA.patch
|
||||
Patch25056: iwl3945-better-skb-management-in-rx-path.patch
|
||||
Patch25057: iwl4965-better-skb-management-in-rx-path.patch
|
||||
|
||||
#CVE-2013-2234 rhbz 980995 981007
|
||||
Patch25058: af_key-fix-info-leaks-in-notify-messages.patch
|
||||
|
||||
# END OF PATCH DEFINITIONS
|
||||
|
||||
%endif
|
||||
@ -1557,6 +1560,9 @@ ApplyPatch ath3k-dont-use-stack-memory-for-DMA.patch
|
||||
ApplyPatch iwl3945-better-skb-management-in-rx-path.patch
|
||||
ApplyPatch iwl4965-better-skb-management-in-rx-path.patch
|
||||
|
||||
#CVE-2013-2234 rhbz 980995 981007
|
||||
ApplyPatch af_key-fix-info-leaks-in-notify-messages.patch
|
||||
|
||||
# END OF PATCH APPLICATIONS
|
||||
|
||||
%endif
|
||||
@ -2373,6 +2379,9 @@ fi
|
||||
# and build.
|
||||
|
||||
%changelog
|
||||
* Wed Jul 03 2013 Josh Boyer <jwboyer@redhat.com>
|
||||
- CVE-2013-2234 net: information leak in AF_KEY notify (rhbz 980995 981007)
|
||||
|
||||
* Wed Jul 03 2013 Justin M. Forbes <jforbes@redhat.com> 3.9.9-300
|
||||
- Linux v3.9.9
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user