Linux v5.0-rc2-141-g47bfa6d9dc8c

This commit is contained in:
Laura Abbott 2019-01-16 07:21:41 -08:00
parent 0f476611af
commit 19c00cb313
4 changed files with 6 additions and 48 deletions

View File

@ -1,42 +0,0 @@
From linux-netdev Thu Jan 03 12:26:34 2019
From: Oliver Hartkopp <socketcan () hartkopp ! net>
Date: Thu, 03 Jan 2019 12:26:34 +0000
To: linux-netdev
Subject: [PATCH] can: gw: ensure DLC boundaries after CAN frame modification
Message-Id: <20190103122634.2530-1-socketcan () hartkopp ! net>
X-MARC-Message: https://marc.info/?l=linux-netdev&m=154651842302479
The CAN frame modification rules allow bitwise logical operations which can
be also applied to the can_dlc field. Ensure the manipulation result to
maintain the can_dlc boundaries so that the CAN drivers do not accidently
write arbitrary content beyond the data registers in the CAN controllers
I/O mem when processing can-gw manipulated outgoing frames. When passing these
frames to user space this issue did not have any effect to the kernel or any
leaked data as we always strictly copy sizeof(struct can_frame) bytes.
Reported-by: Muyu Yu <ieatmuttonchuan@gmail.com>
Reported-by: Marcus Meissner <meissner@suse.de>
Tested-by: Muyu Yu <ieatmuttonchuan@gmail.com>
Signed-off-by: Oliver Hartkopp <socketcan@hartkopp.net>
Cc: linux-stable <stable@vger.kernel.org> # >= v3.2
---
net/can/gw.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/net/can/gw.c b/net/can/gw.c
index faa3da88a127..9000d9b8a133 100644
--- a/net/can/gw.c
+++ b/net/can/gw.c
@@ -418,6 +418,10 @@ static void can_can_gw_rcv(struct sk_buff *skb, void *data)
/* check for checksum updates when the CAN frame has been modified */
if (modidx) {
+ /* ensure DLC boundaries after the different mods */
+ if (cf->can_dlc > 8)
+ cf->can_dlc = 8;
+
if (gwj->mod.csumfunc.crc8)
(*gwj->mod.csumfunc.crc8)(cf, &gwj->mod.csum.crc8);
--
2.19.2

2
gitrev
View File

@ -1 +1 @@
fe76fc6aaf538df27708ffa3e5d549a6c8e16142 47bfa6d9dc8c060bf56554a465c9031e286d2f80

View File

@ -71,7 +71,7 @@ Summary: The Linux kernel
# The rc snapshot level # The rc snapshot level
%global rcrev 2 %global rcrev 2
# The git snapshot level # The git snapshot level
%define gitrev 1 %define gitrev 2
# Set rpm version accordingly # Set rpm version accordingly
%define rpmversion 5.%{upstream_sublevel}.0 %define rpmversion 5.%{upstream_sublevel}.0
%endif %endif
@ -596,9 +596,6 @@ Patch350: Allwinner-A64-timer-workaround.patch
# rhbz 1431375 # rhbz 1431375
Patch501: input-rmi4-remove-the-need-for-artifical-IRQ.patch Patch501: input-rmi4-remove-the-need-for-artifical-IRQ.patch
# CVE-2019-3701 rhbz 1663729 1663730
Patch503: CVE-2019-3701.patch
# https://patchwork.kernel.org/patch/10752253/ # https://patchwork.kernel.org/patch/10752253/
Patch504: efi-use-32-bit-alignment-for-efi_guid_t.patch Patch504: efi-use-32-bit-alignment-for-efi_guid_t.patch
@ -1873,6 +1870,9 @@ fi
# #
# #
%changelog %changelog
* Wed Jan 16 2019 Laura Abbott <labbott@redhat.com> - 5.0.0-0.rc2.git2.1
- Linux v5.0-rc2-141-g47bfa6d9dc8c
* Tue Jan 15 2019 Laura Abbott <labbott@redhat.com> - 5.0.0-0.rc2.git1.1 * Tue Jan 15 2019 Laura Abbott <labbott@redhat.com> - 5.0.0-0.rc2.git1.1
- Linux v5.0-rc2-36-gfe76fc6aaf53 - Linux v5.0-rc2-36-gfe76fc6aaf53

View File

@ -1,2 +1,2 @@
SHA512 (linux-5.0-rc2.tar.gz) = 93d1d32cadc1d55354cc7706b718f3a6c46abdf635fda8e4a0c34d9fce79a3a2d8ec5d12850f9813cdea7c7236846b95e1db48498ed8c5b425abd36e4801ed81 SHA512 (linux-5.0-rc2.tar.gz) = 93d1d32cadc1d55354cc7706b718f3a6c46abdf635fda8e4a0c34d9fce79a3a2d8ec5d12850f9813cdea7c7236846b95e1db48498ed8c5b425abd36e4801ed81
SHA512 (patch-5.0-rc2-git1.xz) = 4dd171b2a3598d0b20204a76ea06af3dfcd9ff8e62ab4ba14cc68d1dc8f96eaba598ce59a61946fb3c5c50c17b7bd1e50f3920bc613ea5b6cc1034aad4d21592 SHA512 (patch-5.0-rc2-git2.xz) = 765207f481ed1d51cbccd6c7370b44e828b6ee5f33aa976e02b15aafe5fd810c5764f311d124b408fe8e6efc54c19ebc1753ae5fb4877d3d8b4d49b6290559fb