From 4e6258a4d9ffebd61ce0ef38e75d941359288fcd Mon Sep 17 00:00:00 2001 From: "Justin M. Forbes" Date: Mon, 3 Jun 2019 09:20:33 -0500 Subject: Fix CVE-2019-12378 CVE-2019-3846 CVE-2019-12380 CVE-2019-12381 CVE-2019-12382 CVE-2019-12379 --- ...ue-Fix-missing-check-bug-in-ip_ra_control.patch | 33 ++++++++++++++++++++++ 1 file changed, 33 insertions(+) create mode 100644 0001-ip_sockglue-Fix-missing-check-bug-in-ip_ra_control.patch (limited to '0001-ip_sockglue-Fix-missing-check-bug-in-ip_ra_control.patch') diff --git a/0001-ip_sockglue-Fix-missing-check-bug-in-ip_ra_control.patch b/0001-ip_sockglue-Fix-missing-check-bug-in-ip_ra_control.patch new file mode 100644 index 000000000..de07ef732 --- /dev/null +++ b/0001-ip_sockglue-Fix-missing-check-bug-in-ip_ra_control.patch @@ -0,0 +1,33 @@ +From 425aa0e1d01513437668fa3d4a971168bbaa8515 Mon Sep 17 00:00:00 2001 +From: Gen Zhang +Date: Fri, 24 May 2019 11:24:26 +0800 +Subject: [PATCH] ip_sockglue: Fix missing-check bug in ip_ra_control() + +In function ip_ra_control(), the pointer new_ra is allocated a memory +space via kmalloc(). And it is used in the following codes. However, +when there is a memory allocation error, kmalloc() fails. Thus null +pointer dereference may happen. And it will cause the kernel to crash. +Therefore, we should check the return value and handle the error. + +Signed-off-by: Gen Zhang +Signed-off-by: David S. Miller +--- + net/ipv4/ip_sockglue.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/net/ipv4/ip_sockglue.c b/net/ipv4/ip_sockglue.c +index 82f341e84fae..aa3fd61818c4 100644 +--- a/net/ipv4/ip_sockglue.c ++++ b/net/ipv4/ip_sockglue.c +@@ -343,6 +343,8 @@ int ip_ra_control(struct sock *sk, unsigned char on, + return -EINVAL; + + new_ra = on ? kmalloc(sizeof(*new_ra), GFP_KERNEL) : NULL; ++ if (on && !new_ra) ++ return -ENOMEM; + + mutex_lock(&net->ipv4.ra_mutex); + for (rap = &net->ipv4.ra_chain; +-- +2.21.0 + -- cgit
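Review bot: the added `if (on && !new_ra) return -ENOMEM;` in the ip_ra_control() hunk is placed before `mutex_lock(&net->ipv4.ra_mutex);`, so the bare return leaves no lock held and nothing allocated, but the three context lines do not show the dereference of `new_ra` that the commit message describes. Check the full function to confirm that the code after the `ra_chain` loop does not already handle a NULL `new_ra`. If it does, this check only changes which errno the caller receives on allocation failure, and the description should say that instead of claiming a crash. Separately, the outer commit subject lists six CVE identifiers while the embedded patch's message names none. A line in the patch description stating which CVE this fix corresponds to would make the mapping auditable.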