Hello.
A memory corruption problem was discovered in TOMOYO Linux 1.7.0 and 1.7.1 .
If memory allocation request for keeping IPv6 address was failed due to
out-of-memory, memory corruption which might lead to kernel crash occurs.
Patch to fix this problem is shown below.
--- 1.7.1p2/security/ccsecurity/memory.c
+++ 1.7.1p3/security/ccsecurity/memory.c
@@ -118,10 +118,11 @@ const struct in6_addr *ccs_get_ipv6_addr
atomic_set(&ptr->users, 1);
list_add_tail(&ptr->list, &ccs_address_list);
entry = NULL;
+ error = 0;
}
mutex_unlock(&ccs_policy_lock);
kfree(entry);
- return ptr ? &ptr->addr : NULL;
+ return !error ? &ptr->addr : NULL;
}
/* The list for "struct ccs_name_entry". */
I uploaded TOMOYO 1.7.1p3 which fixed this security problem and other
non-security problem.
http://sourceforge.jp/frs/redir.php?f=/tomoyo/43375/ccs-patch-1.7.1-20100326.tar.gz
MD5: 9999f1a70ee5ee3d1a6c6e8e56d0e4b5
Sincerely.
_______________________________________________
tomoyo-users-en mailing list
[email protected]
http://lists.sourceforge.jp/mailman/listinfo/tomoyo-users-en
