diff options
-rw-r--r-- | kernel.spec | 6 | ||||
-rw-r--r-- | powerpc-fix-a-missing-check-in-dlpar_parse_cc_property.patch | 34 |
2 files changed, 40 insertions, 0 deletions
diff --git a/kernel.spec b/kernel.spec index 1cab087da..904698a6a 100644 --- a/kernel.spec +++ b/kernel.spec @@ -619,6 +619,9 @@ Patch536: scsi-mpt3sas_ctl-fix-double-fetch-bug-in_ctl_ioctl_main.patch # rhbz 1708717 Patch537: neighbor-Reset-gc_entries-counter-if-new-entry-is-re.patch +# CVE-2019-12614 rhbz 1718176 1718185 +Patch538: powerpc-fix-a-missing-check-in-dlpar_parse_cc_property.patch + # END OF PATCH DEFINITIONS %endif @@ -1857,6 +1860,9 @@ fi # # %changelog +* Fri Jun 07 2019 Justin M. Forbes <jforbes@fedoraproject.org> +- Fix CVE-2019-12614 (rhbz 1718176 1718185) + * Thu Jun 06 2019 Jeremy Cline <jcline@redhat.com> - Fix incorrect permission denied with lock down off (rhbz 1658675) - Fix an issue with the IPv6 neighbor table (rhbz 1708717) diff --git a/powerpc-fix-a-missing-check-in-dlpar_parse_cc_property.patch b/powerpc-fix-a-missing-check-in-dlpar_parse_cc_property.patch new file mode 100644 index 000000000..d4d14b8f9 --- /dev/null +++ b/powerpc-fix-a-missing-check-in-dlpar_parse_cc_property.patch @@ -0,0 +1,34 @@ +From efa9ace68e487ddd29c2b4d6dd23242158f1f607 Mon Sep 17 00:00:00 2001 +From: Gen Zhang <blackgod016574@gmail.com> +Date: Sun, 26 May 2019 10:42:40 +0800 +Subject: powerpc/pseries/dlpar: Fix a missing check in + dlpar_parse_cc_property() + +In dlpar_parse_cc_property(), 'prop->name' is allocated by kstrdup(). +kstrdup() may return NULL, so it should be checked and handle error. +And prop should be freed if 'prop->name' is NULL. + +Signed-off-by: Gen Zhang <blackgod016574@gmail.com> +Signed-off-by: Michael Ellerman <mpe@ellerman.id.au> +--- + arch/powerpc/platforms/pseries/dlpar.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/arch/powerpc/platforms/pseries/dlpar.c b/arch/powerpc/platforms/pseries/dlpar.c +index 17958043e7f7..c852024044bb 100644 +--- a/arch/powerpc/platforms/pseries/dlpar.c ++++ b/arch/powerpc/platforms/pseries/dlpar.c +@@ -61,6 +61,10 @@ static struct property *dlpar_parse_cc_property(struct cc_workarea *ccwa) + + name = (char *)ccwa + be32_to_cpu(ccwa->name_offset); + prop->name = kstrdup(name, GFP_KERNEL); ++ if (!prop->name) { ++ dlpar_free_cc_property(prop); ++ return NULL; ++ } + + prop->length = be32_to_cpu(ccwa->prop_length); + value = (char *)ccwa + be32_to_cpu(ccwa->prop_offset); +-- +cgit 1.2-0.3.lf.el7 + |