From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Fri, 22 Jun 2012 19:36:41 +0000 (-0700)
Subject: 3.4-stable patches
X-Git-Tag: v3.0.37~47
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=258b715f8b455b3cab00162503d149602f91d995;p=thirdparty%2Fkernel%2Fstable-queue.git

3.4-stable patches

added patches:
	tools-hv-verify-origin-of-netlink-connector-message.patch
---

diff --git a/queue-3.4/series b/queue-3.4/series
new file mode 100644
index 00000000000..f922113850a
--- /dev/null
+++ b/queue-3.4/series
@@ -0,0 +1 @@
+tools-hv-verify-origin-of-netlink-connector-message.patch
diff --git a/queue-3.4/tools-hv-verify-origin-of-netlink-connector-message.patch b/queue-3.4/tools-hv-verify-origin-of-netlink-connector-message.patch
new file mode 100644
index 00000000000..4a1fda790cf
--- /dev/null
+++ b/queue-3.4/tools-hv-verify-origin-of-netlink-connector-message.patch
@@ -0,0 +1,48 @@
+From bcc2c9c3fff859e0eb019fe6fec26f9b8eba795c Mon Sep 17 00:00:00 2001
+From: Olaf Hering <olaf@aepfle.de>
+Date: Thu, 31 May 2012 16:40:06 +0200
+Subject: Tools: hv: verify origin of netlink connector message
+
+From: Olaf Hering <olaf@aepfle.de>
+
+commit bcc2c9c3fff859e0eb019fe6fec26f9b8eba795c upstream.
+
+The SuSE security team suggested to use recvfrom instead of recv to be
+certain that the connector message is originated from kernel.
+
+CVE-2012-2669
+
+Signed-off-by: Olaf Hering <olaf@aepfle.de>
+Signed-off-by: Marcus Meissner <meissner@suse.de>
+Signed-off-by: Sebastian Krahmer <krahmer@suse.de>
+Signed-off-by: K. Y. Srinivasan <kys@microsoft.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ tools/hv/hv_kvp_daemon.c |   10 +++++++---
+ 1 file changed, 7 insertions(+), 3 deletions(-)
+
+--- a/tools/hv/hv_kvp_daemon.c
++++ b/tools/hv/hv_kvp_daemon.c
+@@ -701,14 +701,18 @@ int main(void)
+ 	pfd.fd = fd;
+ 
+ 	while (1) {
++		struct sockaddr *addr_p = (struct sockaddr *) &addr;
++		socklen_t addr_l = sizeof(addr);
+ 		pfd.events = POLLIN;
+ 		pfd.revents = 0;
+ 		poll(&pfd, 1, -1);
+ 
+-		len = recv(fd, kvp_recv_buffer, sizeof(kvp_recv_buffer), 0);
++		len = recvfrom(fd, kvp_recv_buffer, sizeof(kvp_recv_buffer), 0,
++				addr_p, &addr_l);
+ 
+-		if (len < 0) {
+-			syslog(LOG_ERR, "recv failed; error:%d", len);
++		if (len < 0 || addr.nl_pid) {
++			syslog(LOG_ERR, "recvfrom failed; pid:%u error:%d %s",
++					addr.nl_pid, errno, strerror(errno));
+ 			close(fd);
+ 			return -1;
+ 		}