From 3440fd73da2690a2845e8d191e88e589fa86de76 Mon Sep 17 00:00:00 2001
From: Josh Boyer <jwboyer@fedoraproject.org>
Date: Thu, 17 Dec 2015 08:16:06 -0500
Subject: [PATCH] CVE-2015-8569 info leak from getsockname (rhbz 1292045
 1292047)

---
 kernel.spec                                   |  6 +++
 ...addr_len-in-pptp_bind-and-pptp_conne.patch | 39 +++++++++++++++++++
 2 files changed, 45 insertions(+)
 create mode 100644 pptp-verify-sockaddr_len-in-pptp_bind-and-pptp_conne.patch

diff --git a/kernel.spec b/kernel.spec
index 2208429a8..a7c4a1fa7 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -625,6 +625,9 @@ Patch590: 0014-mfd-intel-lpss-Pass-SDA-hold-time-to-I2C-host-contro.patch
 Patch591: 0015-mfd-intel-lpss-Pass-HSUART-configuration-via-propert.patch
 Patch592: 0016-i2c-designware-Convert-to-use-unified-device-propert.patch
 
+#CVE-2015-8569 rhbz 1292045 1292047
+Patch600: pptp-verify-sockaddr_len-in-pptp_bind-and-pptp_conne.patch
+
 # END OF PATCH DEFINITIONS
 
 %endif
@@ -2068,6 +2071,9 @@ fi
 #
 # 
 %changelog
+* Thu Dec 17 2015 Josh Boyer <jwboyer@fedoraproject.org>
+- CVE-2015-8569 info leak from getsockname (rhbz 1292045 1292047)
+
 * Wed Dec 16 2015 Laura Abbott <labbott@redhat.com>
 - Enable a set of RDMA drivers (rhbz 1291902)
 
diff --git a/pptp-verify-sockaddr_len-in-pptp_bind-and-pptp_conne.patch b/pptp-verify-sockaddr_len-in-pptp_bind-and-pptp_conne.patch
new file mode 100644
index 000000000..b891c5211
--- /dev/null
+++ b/pptp-verify-sockaddr_len-in-pptp_bind-and-pptp_conne.patch
@@ -0,0 +1,39 @@
+From 16c5a158e97d5b1f6c8bf86b006c1349f025d4e0 Mon Sep 17 00:00:00 2001
+From: WANG Cong <xiyou.wangcong@gmail.com>
+Date: Mon, 14 Dec 2015 13:48:36 -0800
+Subject: [PATCH] pptp: verify sockaddr_len in pptp_bind() and pptp_connect()
+
+Reported-by: Dmitry Vyukov <dvyukov@gmail.com>
+Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+---
+ drivers/net/ppp/pptp.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/drivers/net/ppp/pptp.c b/drivers/net/ppp/pptp.c
+index fc69e41d0950..597c53e0a2ec 100644
+--- a/drivers/net/ppp/pptp.c
++++ b/drivers/net/ppp/pptp.c
+@@ -419,6 +419,9 @@ static int pptp_bind(struct socket *sock, struct sockaddr *uservaddr,
+ 	struct pptp_opt *opt = &po->proto.pptp;
+ 	int error = 0;
+ 
++	if (sockaddr_len < sizeof(struct sockaddr_pppox))
++		return -EINVAL;
++
+ 	lock_sock(sk);
+ 
+ 	opt->src_addr = sp->sa_addr.pptp;
+@@ -440,6 +443,9 @@ static int pptp_connect(struct socket *sock, struct sockaddr *uservaddr,
+ 	struct flowi4 fl4;
+ 	int error = 0;
+ 
++	if (sockaddr_len < sizeof(struct sockaddr_pppox))
++		return -EINVAL;
++
+ 	if (sp->sa_protocol != PX_PROTO_PPTP)
+ 		return -EINVAL;
+ 
+-- 
+2.5.0
+