[PATCH Hardy CVE-2012-2136] net: sock: validate data_len before allocating skb in sock_alloc_send_pskb()

Tim Gardner tim.gardner at canonical.com
Mon Sep 10 13:03:26 UTC 2012

On 09/10/2012 02:32 AM, Colin Ian King wrote:
> On 07/09/12 19:02, Tim Gardner wrote:
>> From: Jason Wang <jasowang at redhat.com>
>> CVE-2012-2136
>> BugLink: http://bugs.launchpad.net/bugs/1006622
>> We need to validate the number of pages consumed by data_len, otherwise
>> the frags array could be overflowed by userspace. So this patch validates
>> data_len and returns -EMSGSIZE when data_len may occupy more frags than
>> Signed-off-by: Jason Wang <jasowang at redhat.com>
>> Signed-off-by: David S. Miller <davem at davemloft.net>
>> (cherry picked from commit cc9b17ad29ecaa20bfe426a8d4dbfb94b13ff1cc)
> Minor quibble, this is also a back-port for the openvz version of sock.c
> rather than a clean cherry-pick.

I guess I made the assumption that anyone doing maintenance on Hardy
would know that the custom binary patches _couldn't_ be cherry-picks.
But you are correct that I could have noted xen applied cleanly whereas
openvz required some futzing (as usual). I'll get that info into the
final patch.

Tim Gardner tim.gardner at canonical.com
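
A user-space model of the check the quoted commit message describes, added here as an illustration; it is not the kernel patch or code from this thread. The page size, the frag limit and all `model_*` names are assumptions, since the quoted message is cut off before naming the limit.

```c
#include <errno.h>
#include <stddef.h>

/* Assumed values for this model; the quoted message does not give them. */
#define MODEL_PAGE_SIZE 4096UL
#define MODEL_MAX_FRAGS 18UL

struct model_skb {
    size_t nr_frags;
    size_t frag_len[MODEL_MAX_FRAGS];   /* fixed-size array of page fragments */
};

/* Pages needed to hold data_len bytes, rounded up without integer overflow. */
static unsigned long pages_for(unsigned long data_len)
{
    return data_len / MODEL_PAGE_SIZE + (data_len % MODEL_PAGE_SIZE != 0);
}

/*
 * Model of the validated path: reject data_len before touching the array.
 * Returns 0 on success or -EMSGSIZE when data_len needs too many frags.
 */
int model_alloc_send(struct model_skb *skb, unsigned long data_len)
{
    unsigned long npages = pages_for(data_len);
    unsigned long i;

    if (npages > MODEL_MAX_FRAGS)
        return -EMSGSIZE;               /* caller-supplied length is too large */

    skb->nr_frags = npages;
    for (i = 0; i < npages; i++) {      /* one frag per page; i stays in bounds */
        unsigned long chunk =
            data_len < MODEL_PAGE_SIZE ? data_len : MODEL_PAGE_SIZE;
        skb->frag_len[i] = chunk;
        data_len -= chunk;
    }
    return 0;
}
```

Without the `npages` comparison, the loop bound would come straight from the caller-supplied length and could index past the end of `frag_len`.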
