
Re: [linux-2.6] Fix signedness issues in net/core/filter.c



On Wed, Oct 26, 2005 at 08:18:57PM +0200, Florian Weimer wrote:
> > On Tue, Oct 25, 2005 at 05:35:19PM +0200, Florian Weimer wrote:
> >> Is the issue described below already on your radar screen?  I couldn't
> >> find it in the relevant files.  AFAICT, no CVE name has been assigned.
> >
> > It's the first I've seen of it, but that doesn't mean much.
> > Which GIT tree is the commit from, I checked Linus' 2.6 and it
> > doesn't seem to be there. Alternatively, is there a mailing list
> > discussion you can point me to?
> 
> It seems to be in Linus' tree.  Note that it is not actually recent.
> 
> <http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=55820ee2f8c767a2833b21bd365e5753f50bd8ce>
> 
> There hasn't been a real discussion.  I was alerted to this commit by
> Herbert Xu's message:
> 
> From:	Herbert Xu <herbert@gondor.apana.org.au>
> Subject: Re: [CHECKER] buffer overflows in net/core/filter.c?
> To:	engler@csl.stanford.edu
> Cc:	linux-kernel@vger.kernel.org, engler@cs.stanford.edu,
> 	jschlst@samba.org, mc@cs.stanford.edu, kaber@trash.net
> Date:	Sun, 16 Oct 2005 21:55:48 +1000
> Organization: Core
> Message-Id: <E1ER77E-0002N0-00@gondolin.me.apana.org.au>
> 
> I found another message referencing this problem.
> 
> From:	Chris Wright <chrisw@osdl.org>
> Subject: [05/13] [NET]: Fix signedness issues in net/core/filter.c
> To:	linux-kernel@vger.kernel.org, stable@kernel.org
> Cc:	Justin Forbes <jmforbes@linuxtx.org>,
> 	Zwane Mwaikambo <zwane@arm.linux.org.uk>,
> 	"Theodore Ts'o" <tytso@mit.edu>,
> 	Randy Dunlap <rdunlap@xenotime.net>,
> 	Chuck Wolber <chuckw@quantumlinux.com>, torvalds@osdl.org,
> 	akpm@osdl.org, alan@lxorguk.ukuu.org.uk,
> 	Patrick McHardy <kaber@trash.net>
> Date:	Tue, 2 Aug 2005 23:53:48 -0700
> Message-ID: <20050803065348.GT7762@shell0.pdx.osdl.net>
> Enyo-Status: sender=12.107.209.244 asn=22753 hflags= mflags=k
> 
> This one suggests it was part of 12.6.2.4.  Indeed, there seems to be
> this change:
> 
> <http://www.kernel.org/git/?p=linux/kernel/git/chrisw/linux-2.6.12.y.git;a=commit;h=4717ecd49ce5c556d38e8c7b6fdc9fac5d35c00e>

Thanks, Dann and I went over 2.6.4 and noted our findings at
http://lists.debian.org/debian-kernel/2005/08/msg00030.html

In a nutshell, it wasn't in 2.6.8 or 2.4.27. And it was fixed in 2.6.12-2.
It's probably worthy of a CVE, but from a Debian perspective, both
sarge and etch are clean.

-- 
Horms


