add 2.6.23 security fixes for rb532 missed in 8.09.1
authorNicolas Thill <nico@openwrt.org>
Thu, 16 Jul 2009 07:04:45 +0000 (07:04 +0000)
committerNicolas Thill <nico@openwrt.org>
Thu, 16 Jul 2009 07:04:45 +0000 (07:04 +0000)
SVN-Revision: 16856

target/linux/generic-2.6/patches-2.6.23/991-cve-2009-0028.patch [new file with mode: 0644]
target/linux/generic-2.6/patches-2.6.23/992-cve-2009-0065.patch [new file with mode: 0644]
target/linux/generic-2.6/patches-2.6.23/993-cve-2009-0676.patch [new file with mode: 0644]
target/linux/generic-2.6/patches-2.6.23/994-cve-2009-1439.patch [new file with mode: 0644]

diff --git a/target/linux/generic-2.6/patches-2.6.23/991-cve-2009-0028.patch b/target/linux/generic-2.6/patches-2.6.23/991-cve-2009-0028.patch
new file mode 100644 (file)
index 0000000..69e0077
--- /dev/null
@@ -0,0 +1,15 @@
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0028
+
+--- a/kernel/fork.c
++++ b/kernel/fork.c
+@@ -1172,7 +1172,9 @@ static struct task_struct *copy_process(
+       p->parent_exec_id = p->self_exec_id;
+       /* ok, now we should be set up.. */
+-      p->exit_signal = (clone_flags & CLONE_THREAD) ? -1 : (clone_flags & CSIGNAL);
++      p->exit_signal = (clone_flags & CLONE_THREAD) ? -1 :
++                       (clone_flags & CLONE_PARENT) ? current->group_leader->exit_signal :
++                       (clone_flags & CSIGNAL);
+       p->pdeath_signal = 0;
+       p->exit_state = 0;
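Review bot: The new patch file carries only the CVE URL as its header, with no summary of the defect and no reference to the upstream commit it backports; 992-cve-2009-0065.patch, 993-cve-2009-0676.patch and 994-cve-2009-1439.patch have the same gap. A header along the lines of `Backport of the upstream fix for CVE-2009-0028: with CLONE_PARENT the child's exit_signal was taken from the caller-chosen CSIGNAL bits; inherit the group leader's exit_signal instead.` plus an `Upstream:` line naming the mainline commit would let each backport be tracked against later stable releases. The hunk itself only changes how exit_signal is selected; copy_process starts and ends outside the hunk, so whether anything later in the function still assumes the old CSIGNAL value cannot be checked here.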
diff --git a/target/linux/generic-2.6/patches-2.6.23/992-cve-2009-0065.patch b/target/linux/generic-2.6/patches-2.6.23/992-cve-2009-0065.patch
new file mode 100644 (file)
index 0000000..8304384
--- /dev/null
@@ -0,0 +1,46 @@
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0065
+
+--- a/net/sctp/sm_statefuns.c
++++ b/net/sctp/sm_statefuns.c
+@@ -3507,6 +3507,7 @@ sctp_disposition_t sctp_sf_eat_fwd_tsn(c
+ {
+       struct sctp_chunk *chunk = arg;
+       struct sctp_fwdtsn_hdr *fwdtsn_hdr;
++      struct sctp_fwdtsn_skip *skip;
+       __u16 len;
+       __u32 tsn;
+@@ -3536,6 +3537,12 @@ sctp_disposition_t sctp_sf_eat_fwd_tsn(c
+       if (sctp_tsnmap_check(&asoc->peer.tsn_map, tsn) < 0)
+               goto discard_noforce;
++      /* Silently discard the chunk if stream-id is not valid */
++      sctp_walk_fwdtsn(skip, chunk) {
++              if (ntohs(skip->stream) >= asoc->c.sinit_max_instreams)
++                      goto discard_noforce;
++      }
++
+       sctp_add_cmd_sf(commands, SCTP_CMD_REPORT_FWDTSN, SCTP_U32(tsn));
+       if (len > sizeof(struct sctp_fwdtsn_hdr))
+               sctp_add_cmd_sf(commands, SCTP_CMD_PROCESS_FWDTSN,
+@@ -3567,6 +3574,7 @@ sctp_disposition_t sctp_sf_eat_fwd_tsn_f
+ {
+       struct sctp_chunk *chunk = arg;
+       struct sctp_fwdtsn_hdr *fwdtsn_hdr;
++      struct sctp_fwdtsn_skip *skip;
+       __u16 len;
+       __u32 tsn;
+@@ -3596,6 +3604,12 @@ sctp_disposition_t sctp_sf_eat_fwd_tsn_f
+       if (sctp_tsnmap_check(&asoc->peer.tsn_map, tsn) < 0)
+               goto gen_shutdown;
++      /* Silently discard the chunk if stream-id is not valid */
++      sctp_walk_fwdtsn(skip, chunk) {
++              if (ntohs(skip->stream) >= asoc->c.sinit_max_instreams)
++                      goto gen_shutdown;
++      }
++
+       sctp_add_cmd_sf(commands, SCTP_CMD_REPORT_FWDTSN, SCTP_U32(tsn));
+       if (len > sizeof(struct sctp_fwdtsn_hdr))
+               sctp_add_cmd_sf(commands, SCTP_CMD_PROCESS_FWDTSN,
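Review bot: The comment added in the sctp_sf_eat_fwd_tsn_fast hunk reads `Silently discard the chunk if stream-id is not valid`, but the check beneath it jumps to `gen_shutdown` rather than to a discard label as the first hunk does; the label's body is outside the hunk, yet its name suggests this path is not a silent discard. Make the comment match the action, e.g. `/* Treat an invalid stream-id like a bad TSN: go to gen_shutdown */`, so the two hunks do not read as identical when they are not. Both added loops rely on `sctp_walk_fwdtsn` bounding the walk by the chunk length, which presumes the chunk length was validated earlier in each function (above the hunk) and that the macro exists in the 2.6.23 tree's include/net/sctp/sctp.h — both worth confirming before applying, since neither is visible here. Both enclosing functions start and end outside their hunks.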
diff --git a/target/linux/generic-2.6/patches-2.6.23/993-cve-2009-0676.patch b/target/linux/generic-2.6/patches-2.6.23/993-cve-2009-0676.patch
new file mode 100644 (file)
index 0000000..7c6f9a2
--- /dev/null
@@ -0,0 +1,13 @@
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0676
+
+--- a/net/core/sock.c
++++ b/net/core/sock.c
+@@ -699,6 +699,8 @@ int sock_getsockopt(struct socket *sock,
+       if (len < 0)
+               return -EINVAL;
++      v.val = 0;
++
+       switch(optname) {
+       case SO_DEBUG:
+               v.val = sock_flag(sk, SOCK_DBG);
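Review bot: `v.val = 0;` zeroes only the int member of the union, so any case of the switch below that reports a copy length larger than the bytes it actually writes still hands uninitialized stack memory to the user copy. The switch is outside the hunk, so I cannot confirm every case fills its member, but as I recall the final upstream fix for this CVE zeroes the whole union; the safer backport is `memset(&v, 0, sizeof(v));` in place of the added line, which also covers any case added later. sock_getsockopt starts and ends outside the hunk.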
diff --git a/target/linux/generic-2.6/patches-2.6.23/994-cve-2009-1439.patch b/target/linux/generic-2.6/patches-2.6.23/994-cve-2009-1439.patch
new file mode 100644 (file)
index 0000000..34f05e3
--- /dev/null
@@ -0,0 +1,21 @@
+http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1439
+
+--- a/fs/cifs/connect.c
++++ b/fs/cifs/connect.c
+@@ -3398,14 +3398,11 @@ CIFSTCon(unsigned int xid, struct cifsSe
+                           BCC(smb_buffer_response)) {
+                               kfree(tcon->nativeFileSystem);
+                               tcon->nativeFileSystem =
+-                                  kzalloc(length + 2, GFP_KERNEL);
++                                  kzalloc((4 * length) + 2, GFP_KERNEL);
+                               cifs_strfromUCS_le(tcon->nativeFileSystem,
+                                                  (__le16 *) bcc_ptr,
+                                                  length, nls_codepage);
+-                              bcc_ptr += 2 * length;
+-                              bcc_ptr[0] = 0; /* null terminate the string */
+-                              bcc_ptr[1] = 0;
+-                              bcc_ptr += 2;
++                              bcc_ptr += (2 * length) + 2;
+                       }
+                       /* else do not bother copying these information fields*/
+               } else {
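Review bot: The `kzalloc((4 * length) + 2, GFP_KERNEL)` result stored in `tcon->nativeFileSystem` is passed straight to cifs_strfromUCS_le with no NULL check, so an allocation failure dereferences NULL while converting a server-supplied string; the omission predates the patch, but a backport that rewrites exactly this allocation is the place to add `if (tcon->nativeFileSystem) cifs_strfromUCS_le(tcon->nativeFileSystem, (__le16 *) bcc_ptr, length, nls_codepage);` or a jump to the function's error path. The 4× factor deserves a one-line comment stating the per-character expansion it assumes for the nls conversion (kernel codepages may emit up to NLS_MAX_CHARSET_SIZE bytes per character), since a reader cannot tell from the line why 4 is enough. `length` is derived from the response above the hunk, so the bound on it is not visible here; CIFSTCon starts and ends outside the hunk.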