CVE-2013-1059 libceph: Fix NULL pointer dereference in auth client code (rhbz 977356 980341)

ceph-fix.patch

@@ -0,0 +1,24 @@
+diff --git a/net/ceph/auth_none.c b/net/ceph/auth_none.c
+index 925ca58..0ef2458 100644
+--- a/net/ceph/auth_none.c
++++ b/net/ceph/auth_none.c
+@@ -39,6 +39,11 @@ static int should_authenticate(struct ceph_auth_client *ac)
+ 	return xi->starting;
+ }
+ 
++static int build_request(struct ceph_auth_client *ac, void *buf, void *end)
++{
++       return 0;
++}
++
+ /*
+  * the generic auth code decode the global_id, and we carry no actual
+  * authenticate state, so nothing happens here.
+@@ -106,6 +111,7 @@ static const struct ceph_auth_client_ops ceph_auth_none_ops = {
+ 	.destroy = destroy,
+ 	.is_authenticated = is_authenticated,
+ 	.should_authenticate = should_authenticate,
++	.build_request = build_request,
+ 	.handle_reply = handle_reply,
+ 	.create_authorizer = ceph_auth_none_create_authorizer,
+ 	.destroy_authorizer = ceph_auth_none_destroy_authorizer,

kernel.spec

@@ -794,6 +794,9 @@ Patch25057: iwl4965-better-skb-management-in-rx-path.patch
 #CVE-2013-2234 rhbz 980995 981007
 Patch25058: af_key-fix-info-leaks-in-notify-messages.patch
 
+#CVE-2013-1059 rhbz 977356 980341
+Patch25059: ceph-fix.patch
+
 # END OF PATCH DEFINITIONS
 
 %endif
@@ -1526,6 +1529,9 @@ ApplyPatch iwl4965-better-skb-management-in-rx-path.patch
 #CVE-2013-2234 rhbz 980995 981007
 ApplyPatch af_key-fix-info-leaks-in-notify-messages.patch
 
+#CVE-2013-1059 rhbz 977356 980341
+ApplyPatch ceph-fix.patch
+
 # END OF PATCH APPLICATIONS
 
 %endif
@@ -2372,6 +2378,7 @@ fi
 #                 ||     ||
 %changelog
 * Wed Jul 03 2013 Josh Boyer <jwboyer@redhat.com>
+- CVE-2013-1059 libceph: Fix NULL pointer dereference in auth client code (rhbz 977356 980341)
 - CVE-2013-2234 net: information leak in AF_KEY notify (rhbz 980995 981007)
 - Linux v3.9.9