[CVE-2009-0676] fix Linux kernel memory disclosure in sock_getsockopt (closes: #4914)
authorNicolas Thill <nico@openwrt.org>
Fri, 10 Apr 2009 12:07:13 +0000 (12:07 +0000)
committerNicolas Thill <nico@openwrt.org>
Fri, 10 Apr 2009 12:07:13 +0000 (12:07 +0000)
SVN-Revision: 15192

target/linux/generic-2.6/patches-2.6.24/993-cve-2009-0676.patch [new file with mode: 0644]
target/linux/generic-2.6/patches-2.6.25/993-cve-2009-0676.patch [new file with mode: 0644]
target/linux/generic-2.6/patches-2.6.26/993-cve-2009-0676.patch [new file with mode: 0644]

diff --git a/target/linux/generic-2.6/patches-2.6.24/993-cve-2009-0676.patch b/target/linux/generic-2.6/patches-2.6.24/993-cve-2009-0676.patch
new file mode 100644 (file)
index 0000000..73f7aad
--- /dev/null
@@ -0,0 +1,13 @@
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0676
+
+--- a/net/core/sock.c
++++ b/net/core/sock.c
+@@ -691,6 +691,8 @@ int sock_getsockopt(struct socket *sock,
+       if (len < 0)
+               return -EINVAL;
++      v.val = 0;
++
+       switch(optname) {
+       case SO_DEBUG:
+               v.val = sock_flag(sk, SOCK_DBG);
diff --git a/target/linux/generic-2.6/patches-2.6.25/993-cve-2009-0676.patch b/target/linux/generic-2.6/patches-2.6.25/993-cve-2009-0676.patch
new file mode 100644 (file)
index 0000000..c91a039
--- /dev/null
@@ -0,0 +1,13 @@
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0676
+
+--- a/net/core/sock.c
++++ b/net/core/sock.c
+@@ -705,6 +705,8 @@ int sock_getsockopt(struct socket *sock,
+       if (len < 0)
+               return -EINVAL;
++      v.val = 0;
++
+       switch(optname) {
+       case SO_DEBUG:
+               v.val = sock_flag(sk, SOCK_DBG);
diff --git a/target/linux/generic-2.6/patches-2.6.26/993-cve-2009-0676.patch b/target/linux/generic-2.6/patches-2.6.26/993-cve-2009-0676.patch
new file mode 100644 (file)
index 0000000..70ce86d
--- /dev/null
@@ -0,0 +1,13 @@
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0676
+
+--- a/net/core/sock.c
++++ b/net/core/sock.c
+@@ -697,6 +697,8 @@ int sock_getsockopt(struct socket *sock,
+       if (len < 0)
+               return -EINVAL;
++      v.val = 0;
++
+       switch(optname) {
+       case SO_DEBUG:
+               v.val = sock_flag(sk, SOCK_DBG);