rpms/kernel/F-11 ipv4-fix-null-ptr-deref-in-ip_fragment.patch, NONE, 1.1 kernel.spec, 1.1780, 1.1781
Kyle McMartin
kyle at fedoraproject.org
Fri Dec 4 04:29:53 UTC 2009
Author: kyle
Update of /cvs/pkgs/rpms/kernel/F-11
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv30376
Modified Files:
kernel.spec
Added Files:
ipv4-fix-null-ptr-deref-in-ip_fragment.patch
Log Message:
* Thu Dec 03 2009 Kyle McMartin <kyle at redhat.com> 2.6.30.9-102
- ipv4-fix-null-ptr-deref-in-ip_fragment.patch: null ptr deref
bug fix.
ipv4-fix-null-ptr-deref-in-ip_fragment.patch:
ip_fragment.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- NEW FILE ipv4-fix-null-ptr-deref-in-ip_fragment.patch ---
From: David Ford <david at blue-labs.org>
Date: Mon, 30 Nov 2009 07:02:22 +0000 (-0800)
Subject: ipv4: additional update of dev_net(dev) to struct *net in ip_fragment.c, NULL ptr...
X-Git-Tag: v2.6.32~40^2~6
X-Git-Url: http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Ftorvalds%2Flinux-2.6.git;a=commitdiff_plain;h=bbf31bf18d34caa87dd01f08bf713635593697f2
ipv4: additional update of dev_net(dev) to struct *net in ip_fragment.c, NULL ptr OOPS
ipv4 ip_frag_reasm(), fully replace 'dev_net(dev)' with 'net', defined
previously patched into 2.6.29.
Between 2.6.28.10 and 2.6.29, net/ipv4/ip_fragment.c was patched,
changing from dev_net(dev) to container_of(...). Unfortunately the goto
section (out_fail) on oversized packets inside ip_frag_reasm() didn't
get touched up as well. Oversized IP packets cause a NULL pointer
dereference and immediate hang.
I discovered this running openvasd and my previous email on this is
titled: NULL pointer dereference at 2.6.32-rc8:net/ipv4/ip_fragment.c:566
Signed-off-by: David Ford <david at blue-labs.org>
Signed-off-by: David S. Miller <davem at davemloft.net>
---
diff --git a/net/ipv4/ip_fragment.c b/net/ipv4/ip_fragment.c
index 575f9bd..d3fe10b 100644
--- a/net/ipv4/ip_fragment.c
+++ b/net/ipv4/ip_fragment.c
@@ -563,7 +563,7 @@ out_oversize:
printk(KERN_INFO "Oversized IP packet from %pI4.\n",
&qp->saddr);
out_fail:
- IP_INC_STATS_BH(dev_net(dev), IPSTATS_MIB_REASMFAILS);
+ IP_INC_STATS_BH(net, IPSTATS_MIB_REASMFAILS);
return err;
}
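Review bot: at `out_fail`, the new `IP_INC_STATS_BH(net, IPSTATS_MIB_REASMFAILS)` depends on `net` having been assigned before every `goto` that can reach this label, including the fall-through from `out_oversize`, and neither the declaration nor the assignment of `net` is inside this hunk's context. The commit message only refers to it as `container_of(...)`; it would help to state there where `net` is set, so a reader can see why it is valid on the path where `dev_net(dev)` faulted. Since the message calls this an "additional update" to an earlier incomplete conversion, please also confirm that no other `dev_net(dev)` use remains in `ip_frag_reasm()`.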
Index: kernel.spec
===================================================================
RCS file: /cvs/pkgs/rpms/kernel/F-11/kernel.spec,v
retrieving revision 1.1780
retrieving revision 1.1781
diff -u -p -r1.1780 -r1.1781
--- kernel.spec 19 Nov 2009 14:38:34 -0000 1.1780
+++ kernel.spec 4 Dec 2009 04:29:53 -0000 1.1781
@@ -841,6 +841,9 @@ Patch16470: sata_nv-use-hardreset-only-f
# rhbz#538734 (CVE-tbd) [f60311d5f7670d9539b424e4ed8b5c0872fc9e83]
Patch16471: fuse-prevent-fuse_put_request-in-invalid-ptr.patch
+# rhbz#544144 [bbf31bf18d34caa87dd01f08bf713635593697f2]
+Patch16472: ipv4-fix-null-ptr-deref-in-ip_fragment.patch
+
%endif
BuildRoot: %{_tmppath}/kernel-%{KVERREL}-root
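Review bot: the comment above `Patch16472` records the bug number and upstream commit but no CVE marker, while the fuse entry directly above it carries `(CVE-tbd)`. The upstream message describes oversized IP packets causing a NULL pointer dereference and immediate hang, so if a CVE is being requested for this issue, tag the comment the same way so the patch can be tracked as a security fix.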
@@ -1580,6 +1583,9 @@ ApplyPatch sata_nv-make-sure-link-is-bro
ApplyPatch fuse-prevent-fuse_put_request-in-invalid-ptr.patch
+# rhbz#544144
+ApplyPatch ipv4-fix-null-ptr-deref-in-ip_fragment.patch
+
# END OF PATCH APPLICATIONS
%endif
@@ -2168,6 +2174,10 @@ fi
# and build.
%changelog
+* Thu Dec 03 2009 Kyle McMartin <kyle at redhat.com> 2.6.30.9-102
+- ipv4-fix-null-ptr-deref-in-ip_fragment.patch: null ptr deref
+ bug fix.
+
* Thu Nov 19 2009 Kyle McMartin <kyle at redhat.com>
- fuse-prevent-fuse_put_request-in-invalid-ptr.patch: fix oops in fuse
when low on memory. rhbz#538734.
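Review bot: the new changelog entry says only "null ptr deref bug fix." and omits the bug number, unlike the Nov 19 entry below it, which ends with `rhbz#538734`. Add `rhbz#544144` (already used in the spec comments in this same change) and name the affected path, for example oversized IP packets in `ip_frag_reasm()`, so someone reading the RPM changelog can tell what was fixed.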
More information about the scm-commits mailing list