From: Nicolas Thill Date: Fri, 10 Apr 2009 12:07:13 +0000 (+0000) Subject: fix Linux kernel memory disclosure in sock_getsockopt (closes: #4914) X-Git-Tag: 8.09.1~123 X-Git-Url: http://git.cdn.openwrt.org/?a=commitdiff_plain;h=f261b7962eee4dc45ce0722d052eaf422844c12c;p=openwrt%2Fsvn-archive%2Fopenwrt.git fix Linux kernel memory disclosure in sock_getsockopt (closes: #4914) SVN-Revision: 15192 --- diff --git a/target/linux/generic-2.6/patches-2.6.24/993-cve-2009-0676.patch b/target/linux/generic-2.6/patches-2.6.24/993-cve-2009-0676.patch new file mode 100644 index 0000000000..73f7aad638 --- /dev/null +++ b/target/linux/generic-2.6/patches-2.6.24/993-cve-2009-0676.patch @@ -0,0 +1,13 @@ +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0676 + +--- a/net/core/sock.c ++++ b/net/core/sock.c +@@ -691,6 +691,8 @@ int sock_getsockopt(struct socket *sock, + if (len < 0) + return -EINVAL; + ++ v.val = 0; ++ + switch(optname) { + case SO_DEBUG: + v.val = sock_flag(sk, SOCK_DBG); diff --git a/target/linux/generic-2.6/patches-2.6.25/993-cve-2009-0676.patch b/target/linux/generic-2.6/patches-2.6.25/993-cve-2009-0676.patch new file mode 100644 index 0000000000..c91a0398bd --- /dev/null +++ b/target/linux/generic-2.6/patches-2.6.25/993-cve-2009-0676.patch @@ -0,0 +1,13 @@ +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0676 + +--- a/net/core/sock.c ++++ b/net/core/sock.c +@@ -705,6 +705,8 @@ int sock_getsockopt(struct socket *sock, + if (len < 0) + return -EINVAL; + ++ v.val = 0; ++ + switch(optname) { + case SO_DEBUG: + v.val = sock_flag(sk, SOCK_DBG); diff --git a/target/linux/generic-2.6/patches-2.6.26/993-cve-2009-0676.patch b/target/linux/generic-2.6/patches-2.6.26/993-cve-2009-0676.patch new file mode 100644 index 0000000000..70ce86d32c --- /dev/null +++ b/target/linux/generic-2.6/patches-2.6.26/993-cve-2009-0676.patch @@ -0,0 +1,13 @@ +http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0676 + +--- a/net/core/sock.c ++++ b/net/core/sock.c +@@ -697,6 +697,8 @@ int sock_getsockopt(struct socket *sock, + if (len < 0) + return -EINVAL; + ++ v.val = 0; ++ + switch(optname) { + case SO_DEBUG: + v.val = sock_flag(sk, SOCK_DBG);