[kernel] fix possible NULL pointer dereference in sock_sendpage()
authorNicolas Thill <nico@openwrt.org>
Wed, 19 Aug 2009 11:28:50 +0000 (11:28 +0000)
committerNicolas Thill <nico@openwrt.org>
Wed, 19 Aug 2009 11:28:50 +0000 (11:28 +0000)
 - CVE-2009-2692

SVN-Revision: 17308

target/linux/generic-2.4/patches/901-CVE-2009-2692.patch [new file with mode: 0644]
target/linux/generic-2.6/patches-2.6.23/996-cve-2009-2692.patch [new file with mode: 0644]
target/linux/generic-2.6/patches-2.6.24/996-cve-2009-2692.patch [new file with mode: 0644]
target/linux/generic-2.6/patches-2.6.25/996-cve-2009-2692.patch [new file with mode: 0644]
target/linux/generic-2.6/patches-2.6.26/996-cve-2009-2692.patch [new file with mode: 0644]

diff --git a/target/linux/generic-2.4/patches/901-CVE-2009-2692.patch b/target/linux/generic-2.4/patches/901-CVE-2009-2692.patch
new file mode 100644 (file)
index 0000000..641c87d
--- /dev/null
@@ -0,0 +1,14 @@
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2692
+
+--- a/net/socket.c
++++ b/net/socket.c
+@@ -607,6 +607,9 @@ ssize_t sock_sendpage(struct file *file,
+       if (more)
+               flags |= MSG_MORE;
++      if (!sock->ops->sendpage)
++              return sock_no_sendpage(sock, page, offset, size, flags);
++
+       return sock->ops->sendpage(sock, page, offset, size, flags);
+ }
diff --git a/target/linux/generic-2.6/patches-2.6.23/996-cve-2009-2692.patch b/target/linux/generic-2.6/patches-2.6.23/996-cve-2009-2692.patch
new file mode 100644 (file)
index 0000000..faf5ec3
--- /dev/null
@@ -0,0 +1,13 @@
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2692
+
+--- a/net/socket.c
++++ b/net/socket.c
+@@ -687,7 +687,7 @@ static ssize_t sock_sendpage(struct file
+       if (more)
+               flags |= MSG_MORE;
+-      return sock->ops->sendpage(sock, page, offset, size, flags);
++      return kernel_sendpage(sock, page, offset, size, flags);
+ }
+ static struct sock_iocb *alloc_sock_iocb(struct kiocb *iocb,
diff --git a/target/linux/generic-2.6/patches-2.6.24/996-cve-2009-2692.patch b/target/linux/generic-2.6/patches-2.6.24/996-cve-2009-2692.patch
new file mode 100644 (file)
index 0000000..19214b8
--- /dev/null
@@ -0,0 +1,13 @@
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2692
+
+--- a/net/socket.c
++++ b/net/socket.c
+@@ -688,7 +688,7 @@ static ssize_t sock_sendpage(struct file
+       if (more)
+               flags |= MSG_MORE;
+-      return sock->ops->sendpage(sock, page, offset, size, flags);
++      return kernel_sendpage(sock, page, offset, size, flags);
+ }
+ static struct sock_iocb *alloc_sock_iocb(struct kiocb *iocb,
diff --git a/target/linux/generic-2.6/patches-2.6.25/996-cve-2009-2692.patch b/target/linux/generic-2.6/patches-2.6.25/996-cve-2009-2692.patch
new file mode 100644 (file)
index 0000000..1910c36
--- /dev/null
@@ -0,0 +1,13 @@
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2692
+
+--- a/net/socket.c
++++ b/net/socket.c
+@@ -692,7 +692,7 @@ static ssize_t sock_sendpage(struct file
+       if (more)
+               flags |= MSG_MORE;
+-      return sock->ops->sendpage(sock, page, offset, size, flags);
++      return kernel_sendpage(sock, page, offset, size, flags);
+ }
+ static ssize_t sock_splice_read(struct file *file, loff_t *ppos,
diff --git a/target/linux/generic-2.6/patches-2.6.26/996-cve-2009-2692.patch b/target/linux/generic-2.6/patches-2.6.26/996-cve-2009-2692.patch
new file mode 100644 (file)
index 0000000..1910c36
--- /dev/null
@@ -0,0 +1,13 @@
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2692
+
+--- a/net/socket.c
++++ b/net/socket.c
+@@ -692,7 +692,7 @@ static ssize_t sock_sendpage(struct file
+       if (more)
+               flags |= MSG_MORE;
+-      return sock->ops->sendpage(sock, page, offset, size, flags);
++      return kernel_sendpage(sock, page, offset, size, flags);
+ }
+ static ssize_t sock_splice_read(struct file *file, loff_t *ppos,