From: Chris Wright Date: Wed, 17 May 2006 07:42:20 +0000 (-0700) Subject: update netfilter patch comments X-Git-Tag: v2.6.16.17~18 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=a1260dcaaaf3137e3df217080375b9562f18f50e;p=thirdparty%2Fkernel%2Fstable-queue.git update netfilter patch comments --- diff --git a/queue-2.6.16/netfilter-do_add_counters-race-possible-info-leak.patch b/queue-2.6.16/netfilter-do_add_counters-race-possible-info-leak.patch index 599512faec7..9ac5e7367a2 100644 --- a/queue-2.6.16/netfilter-do_add_counters-race-possible-info-leak.patch +++ b/queue-2.6.16/netfilter-do_add_counters-race-possible-info-leak.patch @@ -3,17 +3,18 @@ Date: Tue, 16 May 2006 12:07:20 -0700 
From: Chris Wright To: Marcel Holtmann Cc: Kirill Korotaev , Solar Designer , Patrick McHardy -Subject: [PATCH] Netfilter: do_add_counters race, possible info leak (CVE-2006-0039) +Subject: [PATCH] Netfilter: do_add_counters race, possible oops or info leak (CVE-2006-0039) -Solar Designer found a race condition in do_add_counters(). The beginning of -paddc is supposed to be the same as tmp which was sanity-checked above, but it -might not be the same in reality. In case the integer overflow and/or the race -condition are triggered, paddc->num_counters might not match the allocation size -for paddc. If the check below (t->private->number != paddc->num_counters) -nevertheless passes (perhaps this requires the race condition to be triggered), -IPT_ENTRY_ITERATE() would read kernel memory beyond the allocation size, -potentially leaking sensitive data (e.g., passwords from host system or from -another VPS) via counter increments. This requires CAP_NET_ADMIN. +Solar Designer found a race condition in do_add_counters(). The beginning +of paddc is supposed to be the same as tmp which was sanity-checked +above, but it might not be the same in reality. In case the integer +overflow and/or the race condition are triggered, paddc->num_counters +might not match the allocation size for paddc. If the check below +(t->private->number != paddc->num_counters) nevertheless passes (perhaps +this requires the race condition to be triggered), IPT_ENTRY_ITERATE() +would read kernel memory beyond the allocation size, potentially causing +an oops or leaking sensitive data (e.g., passwords from host system or +from another VPS) via counter increments. This requires CAP_NET_ADMIN. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=191698 @@ -24,8 +25,6 @@ Cc: Patrick McHardy 
Signed-off-by: Chris Wright --- -diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c -index 7d7ab94..12bfc25 100644 net/ipv4/netfilter/arp_tables.c | 2 +- net/ipv4/netfilter/ip_tables.c | 2 +- net/ipv6/netfilter/ip6_tables.c | 2 +-
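Review bot: In the first hunk (@@ -3,17 +3,18 @@) the only substantive change is the addition of "oops or" to the Subject line and to the sentence about IPT_ENTRY_ITERATE() reading beyond the allocation, but the whole description paragraph is rewrapped in the same change, so every line of it shows as modified. Either keep the original line breaks or say in the commit message that the text was rewrapped and that the stated impact now includes an oops. As it stands, "update netfilter patch comments" does not tell a stable-queue reader that the impact statement for CVE-2006-0039 changed. The description also still hedges with "perhaps this requires the race condition to be triggered"; if that condition is understood, state it outright.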
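Review bot: In the second hunk (@@ -24,8 +25,6 @@) the two removed lines ("diff --git a/net/ipv4/netfilter/arp_tables.c b/net/ipv4/netfilter/arp_tables.c" and "index 7d7ab94..12bfc25 100644") sat between the "---" separator and the diffstat, and the commit message does not mention their removal. Please confirm that the arp_tables.c file header is still present after the diffstat, outside the lines shown here, so that the queued patch still applies to all three files the diffstat lists. The commit message should also note this cleanup alongside the comment update.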