CVE-2014-2678 net: rds: deref of NULL dev in rds_iw_laddr_check (rhbz 1083274 1083280)

2014-04-01 16:05:48 -04:00 · 2014-04-01 16:05:48 -04:00 · 9969f4229c
parent fbff9edd56
commit 9969f4229c
2 changed files with 40 additions and 0 deletions
--- a/kernel.spec
+++ b/kernel.spec
@ -645,6 +645,9 @@ Patch25044: iwlwifi-dvm-take-mutex-when-sending-SYNC-BT-config-command.patch
 #CVE-2014-2580 rhbz 1080084 1080086
 Patch25052: net-xen-netback-disable-rogue-vif-in-kthread-context.patch

+#CVE-2014-2678 rhbz 1083274 1083280
+Patch25054: rds-prevent-dereference-of-a-NULL-device-in-rds_iw_laddr_check.patch
+
 # END OF PATCH DEFINITIONS

 %endif
@ -1295,6 +1298,9 @@ ApplyPatch iwlwifi-dvm-take-mutex-when-sending-SYNC-BT-config-command.patch
 #CVE-2014-2580 rhbz 1080084 1080086
 ApplyPatch net-xen-netback-disable-rogue-vif-in-kthread-context.patch

+#CVE-2014-2678 rhbz 1083274 1083280
+ApplyPatch rds-prevent-dereference-of-a-NULL-device-in-rds_iw_laddr_check.patch
+
 # END OF PATCH APPLICATIONS

 %endif
@ -2075,6 +2081,9 @@ fi
 #                                    ||     ||
 %changelog
 * Tue Apr 01 2014 Josh Boyer <jwboyer@fedoraproject.org> - 3.15.0-0.rc0.git2.1
+- CVE-2014-2678 net: rds: deref of NULL dev in rds_iw_laddr_check (rhbz 1083274 1083280)
+
+* Tue Apr 01 2014 Josh Boyer <jwboyer@fedoraproject.org> 
 - Linux v3.14-751-g683b6c6f82a6

 * Tue Apr 01 2014 Josh Boyer <jwboyer@fedoraproject.org> - 3.15.0-0.rc0.git1.1
--- a/rds-prevent-dereference-of-a-NULL-device-in-rds_iw_laddr_check.patch
+++ b/rds-prevent-dereference-of-a-NULL-device-in-rds_iw_laddr_check.patch
@ -0,0 +1,31 @@
+Bugzilla: 1083280
+Upstream-status: Queued for 3.15
+
+From bf39b4247b8799935ea91d90db250ab608a58e50 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sasha.levin@oracle.com>
+Date: Sat, 29 Mar 2014 20:39:35 -0400
+Subject: rds: prevent dereference of a NULL device in rds_iw_laddr_check
+
+Binding might result in a NULL device which is later dereferenced
+without checking.
+
+Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+
+diff --git a/net/rds/iw.c b/net/rds/iw.c
+index 7826d46..5899356 100644
+--- a/net/rds/iw.c
+++ b/net/rds/iw.c
+@@ -239,7 +239,8 @@ static int rds_iw_laddr_check(__be32 addr)
+ 	ret = rdma_bind_addr(cm_id, (struct sockaddr *)&sin);
+ 	/* due to this, we will claim to support IB devices unless we
+ 	   check node_type. */
+-	if (ret || cm_id->device->node_type != RDMA_NODE_RNIC)
+	if (ret || !cm_id->device ||
+	    cm_id->device->node_type != RDMA_NODE_RNIC)
+ 		ret = -EADDRNOTAVAIL;
+ 
+ 	rdsdebug("addr %pI4 ret %d node type %d\n",
+-- 
+cgit v0.10.1
+