author | Guillaume Destuynder <kang@gentoo.org> | 2004-12-19 23:52:17 +0000 |
---|---|---|
committer | Guillaume Destuynder <kang@gentoo.org> | 2004-12-19 23:52:17 +0000 |
commit | 3cce5f2d0bc7a5dccb3440a3d5b0941670006d81 (patch) | |
tree | d2f4e28ab2e8df5add7f175be6dbc18596d603bb /sys-kernel/rsbac-dev-sources/files | |
parent | Stable on alpha. (diff) | |
Security fix: #72317 CAN-2004-1069, extra patch for AF_UNIX vuln.
Diffstat (limited to 'sys-kernel/rsbac-dev-sources/files')
-rw-r--r-- | sys-kernel/rsbac-dev-sources/files/digest-rsbac-dev-sources-2.6.7-r11 (renamed from sys-kernel/rsbac-dev-sources/files/digest-rsbac-dev-sources-2.6.7-r10) | 0 | ||||
-rw-r--r-- | sys-kernel/rsbac-dev-sources/files/rsbac-dev-sources-CAN-2004-1069.patch | 61 |
2 files changed, 61 insertions, 0 deletions
diff --git a/sys-kernel/rsbac-dev-sources/files/digest-rsbac-dev-sources-2.6.7-r10 b/sys-kernel/rsbac-dev-sources/files/digest-rsbac-dev-sources-2.6.7-r11
index 19b8dd9a9c31..19b8dd9a9c31 100644
--- a/sys-kernel/rsbac-dev-sources/files/digest-rsbac-dev-sources-2.6.7-r10
+++ b/sys-kernel/rsbac-dev-sources/files/digest-rsbac-dev-sources-2.6.7-r11
diff --git a/sys-kernel/rsbac-dev-sources/files/rsbac-dev-sources-CAN-2004-1069.patch b/sys-kernel/rsbac-dev-sources/files/rsbac-dev-sources-CAN-2004-1069.patch
new file mode 100644
index 000000000000..dbb8b2329a28
--- /dev/null
+++ b/sys-kernel/rsbac-dev-sources/files/rsbac-dev-sources-CAN-2004-1069.patch
@@ -0,0 +1,61 @@
+--- a/net/unix/af_unix.c 2004-10-18 22:54:37.000000000 +0100
++++ b/net/unix/af_unix.c 2004-12-19 18:33:12.000000000 +0000
+@@ -477,6 +477,8 @@
+ struct msghdr *, size_t, int);
+ static int unix_dgram_connect(struct socket *, struct sockaddr *,
+ int, int);
++static int unix_seqpacket_sendmsg(struct kiocb *, struct socket *,
++ struct msghdr *, size_t);
+
+ static struct proto_ops unix_stream_ops = {
+ .family = PF_UNIX,
+@@ -535,7 +537,7 @@
+ .shutdown = unix_shutdown,
+ .setsockopt = sock_no_setsockopt,
+ .getsockopt = sock_no_getsockopt,
+- .sendmsg = unix_dgram_sendmsg,
++ .sendmsg = unix_seqpacket_sendmsg,
+ .recvmsg = unix_dgram_recvmsg,
+ .mmap = sock_no_mmap,
+ .sendpage = sock_no_sendpage,
+@@ -1365,9 +1367,11 @@
+ if (other->sk_shutdown & RCV_SHUTDOWN)
+ goto out_unlock;
+
+- err = security_unix_may_send(sk->sk_socket, other->sk_socket);
+- if (err)
+- goto out_unlock;
++ if (sk->sk_type != SOCK_SEQPACKET) {
++ err = security_unix_may_send(sk->sk_socket, other->sk_socket);
++ if (err)
++ goto out_unlock;
++ }
+
+ if (unix_peer(other) != sk &&
+ (skb_queue_len(&other->sk_receive_queue) >
+@@ -1517,6 +1521,25 @@
+ return sent ? : err;
+ }
+
++static int unix_seqpacket_sendmsg(struct kiocb *kiocb, struct socket *sock,
++ struct msghdr *msg, size_t len)
++{
++ int err;
++ struct sock *sk = sock->sk;
++
++ err = sock_error(sk);
++ if (err)
++ return err;
++
++ if (sk->sk_state != TCP_ESTABLISHED)
++ return -ENOTCONN;
++
++ if (msg->msg_namelen)
++ msg->msg_namelen = 0;
++
++ return unix_dgram_sendmsg(kiocb, sock, msg, len);
++}
++
+ static void unix_copy_addr(struct msghdr *msg, struct sock *sk)
+ {
+ struct unix_sock *u = unix_sk(sk);
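Review bot: The new `if (sk->sk_type != SOCK_SEQPACKET)` guard in the `@@ -1365,9 +1367,11 @@` hunk skips `security_unix_may_send()` with no comment saying why that is safe, and the justification sits in a different function. From the visible lines it appears to hold only because `unix_seqpacket_sendmsg()` rejects sockets that are not `TCP_ESTABLISHED` and clears `msg->msg_namelen`, so the message presumably always goes to the already-connected peer; the function containing the guard starts and ends outside the hunk, so this cannot be confirmed here. I would add `/* SOCK_SEQPACKET: peer is fixed at connect time and msg_name is cleared by unix_seqpacket_sendmsg(), so no per-message may_send check */` above the guard and `/* ignore any caller-supplied address; always send to the connected peer */` above the `msg_namelen` reset, so nobody later routes a SOCK_SEQPACKET socket to `unix_dgram_sendmsg()` without that reset. The `if (msg->msg_namelen)` test before the reset is redundant and could be a plain `msg->msg_namelen = 0;`.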