diff options
author | Josh Boyer <jwboyer@fedoraproject.org> | 2014-04-01 16:05:48 -0400 |
---|---|---|
committer | Josh Boyer <jwboyer@fedoraproject.org> | 2014-04-01 16:05:48 -0400 |
commit | 23ad48d633487900e2294a323bfa731ff6b395d6 (patch) | |
tree | 3ffb418a97696cad287e1dcc3d83e4165d879937 | |
parent | 924a3cf38bf0002d4fa76fb09c7dbbf97516b8c2 (diff) | |
download | kernel-23ad48d633487900e2294a323bfa731ff6b395d6.tar.gz kernel-23ad48d633487900e2294a323bfa731ff6b395d6.tar.xz kernel-23ad48d633487900e2294a323bfa731ff6b395d6.zip |
CVE-2014-2678 net: rds: deref of NULL dev in rds_iw_laddr_check (rhbz 1083274 1083280)
-rw-r--r-- | kernel.spec | 10 | ||||
-rw-r--r-- | rds-prevent-dereference-of-a-NULL-device-in-rds_iw_laddr_check.patch | 31 |
2 files changed, 41 insertions, 0 deletions
diff --git a/kernel.spec b/kernel.spec index 8e8372f9..27972aa3 100644 --- a/kernel.spec +++ b/kernel.spec @@ -781,6 +781,10 @@ Patch25052: net-xen-netback-disable-rogue-vif-in-kthread-context.patch #will go upstream for 3.15, and will be backported to stable releases Patch25053: input-cypress_ps2-Don-t-report-the-cypress-PS-2-trac.patch +#CVE-2014-2678 rhbz 1083274 1083280 +Patch25054: rds-prevent-dereference-of-a-NULL-device-in-rds_iw_laddr_check.patch + + # END OF PATCH DEFINITIONS %endif @@ -1517,6 +1521,9 @@ ApplyPatch net-xen-netback-disable-rogue-vif-in-kthread-context.patch #https://bugs.freedesktop.org/show_bug.cgi?id=76341 ApplyPatch input-cypress_ps2-Don-t-report-the-cypress-PS-2-trac.patch +#CVE-2014-2678 rhbz 1083274 1083280 +ApplyPatch rds-prevent-dereference-of-a-NULL-device-in-rds_iw_laddr_check.patch + # END OF PATCH APPLICATIONS %endif @@ -2328,6 +2335,9 @@ fi # ||----w | # || || %changelog +* Tue Apr 01 2014 Josh Boyer <jwboyer@fedoraproject.org> +- CVE-2014-2678 net: rds: deref of NULL dev in rds_iw_laddr_check (rhbz 1083274 1083280) + * Mon Mar 31 2014 Justin M. Forbes <jforbes@fedoraproject.org> - 3.13.8-200 - Linux v3.13.8 diff --git a/rds-prevent-dereference-of-a-NULL-device-in-rds_iw_laddr_check.patch b/rds-prevent-dereference-of-a-NULL-device-in-rds_iw_laddr_check.patch new file mode 100644 index 00000000..2caf0666 --- /dev/null +++ b/rds-prevent-dereference-of-a-NULL-device-in-rds_iw_laddr_check.patch @@ -0,0 +1,31 @@ +Bugzilla: 1083280 +Upstream-status: Queued for 3.15 + +From bf39b4247b8799935ea91d90db250ab608a58e50 Mon Sep 17 00:00:00 2001 +From: Sasha Levin <sasha.levin@oracle.com> +Date: Sat, 29 Mar 2014 20:39:35 -0400 +Subject: rds: prevent dereference of a NULL device in rds_iw_laddr_check + +Binding might result in a NULL device which is later dereferenced +without checking. + +Signed-off-by: Sasha Levin <sasha.levin@oracle.com> +Signed-off-by: David S. Miller <davem@davemloft.net> + +diff --git a/net/rds/iw.c b/net/rds/iw.c +index 7826d46..5899356 100644 +--- a/net/rds/iw.c ++++ b/net/rds/iw.c +@@ -239,7 +239,8 @@ static int rds_iw_laddr_check(__be32 addr) + ret = rdma_bind_addr(cm_id, (struct sockaddr *)&sin); + /* due to this, we will claim to support IB devices unless we + check node_type. */ +- if (ret || cm_id->device->node_type != RDMA_NODE_RNIC) ++ if (ret || !cm_id->device || ++ cm_id->device->node_type != RDMA_NODE_RNIC) + ret = -EADDRNOTAVAIL; + + rdsdebug("addr %pI4 ret %d node type %d\n", +-- +cgit v0.10.1 + |