[PATCH Hardy CVE-2012-2136] net: sock: validate data_len before allocating skb in sock_alloc_send_pskb()

Tim Gardner tim.gardner at canonical.com
Mon Sep 10 13:03:26 UTC 2012


On 09/10/2012 02:32 AM, Colin Ian King wrote:
> On 07/09/12 19:02, Tim Gardner wrote:
>> From: Jason Wang <jasowang at redhat.com>
>>
>> CVE-2012-2136
>>
>> BugLink: http://bugs.launchpad.net/bugs/1006622
>>
>> We need to validate the number of pages consumed by data_len,
>> otherwise the frags array could be overflowed by userspace. So this
>> patch validates data_len and returns -EMSGSIZE when data_len may
>> occupy more frags than MAX_SKB_FRAGS.
>>
>> Signed-off-by: Jason Wang <jasowang at redhat.com>
>> Signed-off-by: David S. Miller <davem at davemloft.net>
>> (cherry picked from commit cc9b17ad29ecaa20bfe426a8d4dbfb94b13ff1cc)
>>
> 
> Minor quibble, this is also a back-port for the openvz version of sock.c
> rather than a clean cherry-pick.
> 

I guess I made the assumption that anyone doing maintenance on Hardy
would know that the custom binary patches _couldn't_ be cherry-picks.
But you are correct that I could have noted xen applied cleanly whereas
openvz required some futzing (as usual). I'll get that info into the
final patch.

rtg
-- 
Tim Gardner tim.gardner at canonical.com
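
The validation described in the quoted commit message, as an added user-space illustration that is not part of this thread, the patch, or the kernel source. The `model_*` names, the 4 KiB page size and the fragment limit of 18 are assumptions made for the model.

```c
#include <errno.h>
#include <stdio.h>

/* Assumed for this model: 4 KiB pages and an 18-entry fragment array. */
#define MODEL_PAGE_SHIFT 12
#define MODEL_PAGE_SIZE  (1UL << MODEL_PAGE_SHIFT)
#define MODEL_MAX_FRAGS  18   /* stands in for MAX_SKB_FRAGS */

struct model_skb {
    unsigned int nr_frags;
    unsigned long frag_size[MODEL_MAX_FRAGS];   /* fixed-size array, like frags */
};

/* Pages needed for data_len bytes, rounded up; written so a huge data_len cannot wrap. */
static unsigned long pages_for(unsigned long data_len)
{
    return (data_len >> MODEL_PAGE_SHIFT) + ((data_len & (MODEL_PAGE_SIZE - 1)) != 0);
}

/* Splits data_len into page-sized fragments. Returns 0 on success, or
 * -EMSGSIZE when data_len needs more fragments than the array holds. */
static int model_fill_frags(struct model_skb *skb, unsigned long data_len)
{
    unsigned long npages = pages_for(data_len), i;

    if (npages > MODEL_MAX_FRAGS)   /* the check: reject before touching the array */
        return -EMSGSIZE;

    skb->nr_frags = (unsigned int)npages;
    for (i = 0; i < npages; i++) {
        unsigned long chunk = data_len > MODEL_PAGE_SIZE ? MODEL_PAGE_SIZE : data_len;
        skb->frag_size[i] = chunk;  /* index i is bounded by the check above */
        data_len -= chunk;
    }
    return 0;
}

int main(void)
{
    struct model_skb skb;
    /* Constructed sample lengths: empty, at the limit, one byte over, maximal. */
    unsigned long lens[] = { 0, 18 * MODEL_PAGE_SIZE, 18 * MODEL_PAGE_SIZE + 1, ~0UL };
    for (unsigned int i = 0; i < sizeof(lens) / sizeof(lens[0]); i++)
        printf("data_len=%lu -> %d\n", lens[i], model_fill_frags(&skb, lens[i]));
    return 0;
}
```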



