Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 46357 Details for
Bug 72317
Kernel: AF_UNIX Arbitrary Kernel Memory Modification (CAN-2004-{1068,1069})
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
Extra 2.6 Patch for CAN-2004-1069
linux-2.6-AF_UNIX.SELinux.patch (text/plain), 1.72 KB, created by
Tim Yamin (RETIRED)
on 2004-12-19 10:38:40 UTC
(
hide
)
Description:
Extra 2.6 Patch for CAN-2004-1069
Filename:
MIME Type:
Creator:
Tim Yamin (RETIRED)
Created:
2004-12-19 10:38:40 UTC
Size:
1.72 KB
patch
obsolete
>--- a/net/unix/af_unix.c 2004-10-18 22:54:37.000000000 +0100 >+++ b/net/unix/af_unix.c 2004-12-19 18:33:12.000000000 +0000 >@@ -477,6 +477,8 @@ > struct msghdr *, size_t, int); > static int unix_dgram_connect(struct socket *, struct sockaddr *, > int, int); >+static int unix_seqpacket_sendmsg(struct kiocb *, struct socket *, >+ struct msghdr *, size_t); > > static struct proto_ops unix_stream_ops = { > .family = PF_UNIX, >@@ -535,7 +537,7 @@ > .shutdown = unix_shutdown, > .setsockopt = sock_no_setsockopt, > .getsockopt = sock_no_getsockopt, >- .sendmsg = unix_dgram_sendmsg, >+ .sendmsg = unix_seqpacket_sendmsg, > .recvmsg = unix_dgram_recvmsg, > .mmap = sock_no_mmap, > .sendpage = sock_no_sendpage, >@@ -1365,9 +1367,11 @@ > if (other->sk_shutdown & RCV_SHUTDOWN) > goto out_unlock; > >- err = security_unix_may_send(sk->sk_socket, other->sk_socket); >- if (err) >- goto out_unlock; >+ if (sk->sk_type != SOCK_SEQPACKET) { >+ err = security_unix_may_send(sk->sk_socket, other->sk_socket); >+ if (err) >+ goto out_unlock; >+ } > > if (unix_peer(other) != sk && > (skb_queue_len(&other->sk_receive_queue) > >@@ -1517,6 +1521,25 @@ > return sent ? : err; > } > >+static int unix_seqpacket_sendmsg(struct kiocb *kiocb, struct socket *sock, >+ struct msghdr *msg, size_t len) >+{ >+ int err; >+ struct sock *sk = sock->sk; >+ >+ err = sock_error(sk); >+ if (err) >+ return err; >+ >+ if (sk->sk_state != TCP_ESTABLISHED) >+ return -ENOTCONN; >+ >+ if (msg->msg_namelen) >+ msg->msg_namelen = 0; >+ >+ return unix_dgram_sendmsg(kiocb, sock, msg, len); >+} >+ > static void unix_copy_addr(struct msghdr *msg, struct sock *sk) > { > struct unix_sock *u = unix_sk(sk);
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=46357">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 72317
:
44640
|
44854
| 46357
