authorJustin M. Forbes <jforbes@fedoraproject.org>2019-06-07 08:12:36 -0500
committerJustin M. Forbes <jforbes@fedoraproject.org>2019-06-07 08:12:36 -0500
commit6beb21eb200e9d513f908f0348940bcdd5925270 (patch)
tree41f1568b817b48442b852a472c4471ede9c6594c
parent3a1608e7da51502735ea72165edfb1ace1b16d10 (diff)
Fix CVE-2019-12614 (rhbz 1718176 1718185)
-rw-r--r--kernel.spec6
-rw-r--r--powerpc-fix-a-missing-check-in-dlpar_parse_cc_property.patch34
2 files changed, 40 insertions, 0 deletions
diff --git a/kernel.spec b/kernel.spec
index 1cab087da..904698a6a 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -619,6 +619,9 @@ Patch536: scsi-mpt3sas_ctl-fix-double-fetch-bug-in_ctl_ioctl_main.patch
# rhbz 1708717
Patch537: neighbor-Reset-gc_entries-counter-if-new-entry-is-re.patch
+# CVE-2019-12614 rhbz 1718176 1718185
+Patch538: powerpc-fix-a-missing-check-in-dlpar_parse_cc_property.patch
+
# END OF PATCH DEFINITIONS
%endif
@@ -1857,6 +1860,9 @@ fi
#
#
%changelog
+* Fri Jun 07 2019 Justin M. Forbes <jforbes@fedoraproject.org>
+- Fix CVE-2019-12614 (rhbz 1718176 1718185)
+
* Thu Jun 06 2019 Jeremy Cline <jcline@redhat.com>
- Fix incorrect permission denied with lock down off (rhbz 1658675)
- Fix an issue with the IPv6 neighbor table (rhbz 1708717)
diff --git a/powerpc-fix-a-missing-check-in-dlpar_parse_cc_property.patch b/powerpc-fix-a-missing-check-in-dlpar_parse_cc_property.patch
new file mode 100644
index 000000000..d4d14b8f9
--- /dev/null
+++ b/powerpc-fix-a-missing-check-in-dlpar_parse_cc_property.patch
@@ -0,0 +1,34 @@
+From efa9ace68e487ddd29c2b4d6dd23242158f1f607 Mon Sep 17 00:00:00 2001
+From: Gen Zhang <blackgod016574@gmail.com>
+Date: Sun, 26 May 2019 10:42:40 +0800
+Subject: powerpc/pseries/dlpar: Fix a missing check in
+ dlpar_parse_cc_property()
+
+In dlpar_parse_cc_property(), 'prop->name' is allocated by kstrdup().
+kstrdup() may return NULL, so it should be checked and handle error.
+And prop should be freed if 'prop->name' is NULL.
+
+Signed-off-by: Gen Zhang <blackgod016574@gmail.com>
+Signed-off-by: Michael Ellerman <mpe@ellerman.id.au>
+---
+ arch/powerpc/platforms/pseries/dlpar.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/arch/powerpc/platforms/pseries/dlpar.c b/arch/powerpc/platforms/pseries/dlpar.c
+index 17958043e7f7..c852024044bb 100644
+--- a/arch/powerpc/platforms/pseries/dlpar.c
++++ b/arch/powerpc/platforms/pseries/dlpar.c
+@@ -61,6 +61,10 @@ static struct property *dlpar_parse_cc_property(struct cc_workarea *ccwa)
+
+ name = (char *)ccwa + be32_to_cpu(ccwa->name_offset);
+ prop->name = kstrdup(name, GFP_KERNEL);
++ if (!prop->name) {
++ dlpar_free_cc_property(prop);
++ return NULL;
++ }
+
+ prop->length = be32_to_cpu(ccwa->prop_length);
+ value = (char *)ccwa + be32_to_cpu(ccwa->prop_offset);
+--
+cgit 1.2-0.3.lf.el7
+
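Review bot: The new error path hands a partially built `prop` to `dlpar_free_cc_property(prop);` before `prop->value` has been assigned, so it is only safe if `prop` was zero-initialised when it was allocated. That allocation is above the hunk and not visible here; dlpar_parse_cc_property() starts and ends outside the hunk. If it is a zeroing allocation, a one-line comment above the call would record the dependency, for example `/* prop is zero-allocated, so value is still NULL here */`. Returning NULL on this path also makes an allocation failure look the same as any other parse failure, so callers presumably already treat NULL as an error. This is worth confirming against the callers when backporting the patch to this tree.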