Linux 2.6.11.4

Linux 2.6.11.4

[Greg KH]

I've release 2.6.11.4 with two security fixes in it.  It can be found at
the normal kernel.org places.

The diffstat and short summary of the fixes are below.  

I'll also be replying to this message with a copy of the patch between
2.6.11.3 and 2.6.11.4, as it is small enough to do so.

thanks,
 
greg k-h

------
 Makefile                |    2 +-
 drivers/net/ppp_async.c |    2 +-
 fs/exec.c               |    2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)


Summary of changes from v2.6.11.3 to v2.6.11.4
==============================================

Greg Kroah-Hartman:
  o Linux 2.6.11.4

Paul Mackerras:
  o CAN-2005-0384: Remote Linux DoS on ppp servers

Prasanna Meda:
  o use strncpy in get_task_comm

Re: Linux 2.6.11.4

[Greg KH]

diff -Nru a/Makefile b/Makefile
--- a/Makefile	2005-03-15 16:09:59 -08:00
+++ b/Makefile	2005-03-15 16:09:59 -08:00
@@ -1,7 +1,7 @@
 VERSION = 2
 PATCHLEVEL = 6
 SUBLEVEL = 11
-EXTRAVERSION = .3
+EXTRAVERSION = .4
 NAME=Woozy Numbat
 
 # *DOCUMENTATION*
diff -Nru a/drivers/net/ppp_async.c b/drivers/net/ppp_async.c
--- a/drivers/net/ppp_async.c	2005-03-15 16:09:59 -08:00
+++ b/drivers/net/ppp_async.c	2005-03-15 16:09:59 -08:00
@@ -1000,7 +1000,7 @@
 	data += 4;
 	dlen -= 4;
 	/* data[0] is code, data[1] is length */
-	while (dlen >= 2 && dlen >= data[1]) {
+	while (dlen >= 2 && dlen >= data[1] && data[1] >= 2) {
 		switch (data[0]) {
 		case LCP_MRU:
 			val = (data[2] << 8) + data[3];
diff -Nru a/fs/exec.c b/fs/exec.c
--- a/fs/exec.c	2005-03-15 16:09:59 -08:00
+++ b/fs/exec.c	2005-03-15 16:09:59 -08:00
@@ -814,7 +814,7 @@
 {
 	/* buf must be at least sizeof(tsk->comm) in size */
 	task_lock(tsk);
-	memcpy(buf, tsk->comm, sizeof(tsk->comm));
+	strncpy(buf, tsk->comm, sizeof(tsk->comm));
 	task_unlock(tsk);
 }
 

Re: Linux 2.6.11.4

[Hacksaw]

+	while (dlen >= 2 && dlen >= data[1] && data[1] >= 2) {

Not that it matters much to me, since I don't have to maintain it, but 
couldn't this be:

	while (data[1] >= 2 && dlen >= data[1]) {

I think this captures the relationship and priority.
-- 
http://www.hacksaw.org -- http://www.privatecircus.com -- KB1FVD

Re: Linux 2.6.11.4

[Krzysztof Halasa]

[-- Attachment #1: Type: text/plain, Size: 287 bytes --]

Greg KH <greg@kroah.com> writes:

> I've release 2.6.11.4 with two security fixes in it.  It can be found at
> the normal kernel.org places.

How about the N2/C101/PCI200SYN WAN driver fix (kernel panic on receive)?

Signed-off-by: Krzysztof Halasa <khc@pm.waw.pl>

-- 
Krzysztof Halasa

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: hdlc-skb-dev-only.patch --]
[-- Type: text/x-patch, Size: 334 bytes --]

--- linux/drivers/net/wan/hd6457x.c	28 Oct 2004 06:16:08 -0000	1.15
+++ linux/drivers/net/wan/hd6457x.c	1 Mar 2005 00:58:08 -0000
@@ -315,7 +315,7 @@
 #endif
 	stats->rx_packets++;
 	stats->rx_bytes += skb->len;
-	skb->dev->last_rx = jiffies;
+	dev->last_rx = jiffies;
 	skb->protocol = hdlc_type_trans(skb, dev);
 	netif_rx(skb);
 }

Re: Linux 2.6.11.4

[Greg KH]

On Wed, Mar 16, 2005 at 02:11:43PM +0100, Krzysztof Halasa wrote:
> Greg KH <greg@kroah.com> writes:
> 
> > I've release 2.6.11.4 with two security fixes in it.  It can be found at
> > the normal kernel.org places.
> 
> How about the N2/C101/PCI200SYN WAN driver fix (kernel panic on receive)?
> 
> Signed-off-by: Krzysztof Halasa <khc@pm.waw.pl>

It's queued up for the "normal" review process (will probably start
tomorrow, or later today.)  This release was due to the ppp issue being
public.

thanks,

greg k-h

Re: Linux 2.6.11.4

[Jeff Garzik]

Greg KH wrote:
> On Wed, Mar 16, 2005 at 02:11:43PM +0100, Krzysztof Halasa wrote:
> 
>>Greg KH <greg@kroah.com> writes:
>>
>>
>>>I've release 2.6.11.4 with two security fixes in it.  It can be found at
>>>the normal kernel.org places.
>>
>>How about the N2/C101/PCI200SYN WAN driver fix (kernel panic on receive)?
>>
>>Signed-off-by: Krzysztof Halasa <khc@pm.waw.pl>
> 
> 
> It's queued up for the "normal" review process (will probably start
> tomorrow, or later today.)  This release was due to the ppp issue being
> public.

Krzysztof's patch is already ACK'd by me, FWIW (and its in upstream).

	Jeff