[vyatta-svn] Linux kernel repository for eureka (based on 2.6.23.y tree): Changes to 'hollywood'
shemminger@suva.vyatta.com
shemminger at suva.vyatta.com
Thu Jul 17 14:07:12 PDT 2008
debian/arch/i386/config.486-vyatta | 33 ++++-----------------------------
drivers/net/pppol2tp.c | 20 ++++++++++++--------
2 files changed, 16 insertions(+), 37 deletions(-)
New commits:
commit 2b2758facdb3f3587488b23d3100581b867715f3
Author: James Chapman <jchapman at katalix.com>
Date: Tue Jun 10 12:35:00 2008 -0700
l2tp: Fix potential memory corruption in pppol2tp_recvmsg()
This patch fixes a potential memory corruption in
pppol2tp_recvmsg(). If skb->len is bigger than the caller's buffer
length, memcpy_toiovec() will go into unintialized data on the kernel
heap, interpret it as an iovec and start modifying memory.
The fix is to change the memcpy_toiovec() call to
skb_copy_datagram_iovec() so that paged packets (rare for PPPOL2TP)
are handled properly. Also check that the caller's buffer is big
enough for the data and set the MSG_TRUNC flag if it is not so.
Reported-by: Ilja <ilja at netric.org>
Signed-off-by: James Chapman <jchapman at katalix.com>
Signed-off-by: David S. Miller <davem at davemloft.net>
commit ecbc25f3fe237ca598f676098890e69efcd27fbb
Author: Stephen Hemminger <stephen.hemminger at vyatta.com>
Date: Thu Jul 17 14:06:05 2008 -0700
Disable SCTP and DCCP
Avoid running into security problems from buffer overflows in these
protocols. They weren't enabled before so it is not a big loss.
See: CVE-2008-2358, CVE-2008-2826
Revert "Enable TIPC, SCTP and DCCP protocols"
This reverts commit 2947723d7b21fa3a54de84228a9e971c449611a3.
http://suva.vyatta.com/git/?p=linux-vyatta.git;a=commitdiff;h=2b2758facdb3f3587488b23d3100581b867715f3
http://suva.vyatta.com/git/?p=linux-vyatta.git;a=commitdiff;h=ecbc25f3fe237ca598f676098890e69efcd27fbb
More information about the svn
mailing list