Unverified Commit 73282101 authored Aug 29, 2023 by openeuler-ci-bot Committed by Gitee Aug 29, 2023

!1891 [sync] PR-1784: tun/tap: fix CVE-2023-4194

Merge Pull Request from: @openeuler-sync-bot 
 

Origin pull request: 
https://gitee.com/openeuler/kernel/pulls/1784 
 
PR sync from: Dong Chenchen <dongchenchen2@huawei.com>
https://mailweb.openeuler.org/hyperkitty/list/kernel@openeuler.org/message/MJIVQQT72SAC5DJW7GDQSSZ7RNT3AMPF/ 
The original patches fixing CVE-2023-1076 are incorrect.
The patches in this series are supposed to "re-fix" CVE-2023-1076
New CVE is CVE-2023-4194.

Laszlo Ersek (2):
  net: tun_chr_open(): set sk_uid from current_fsuid()
  net: tap_open(): set sk_uid from current_fsuid()


-- 
2.25.1
 
https://gitee.com/src-openeuler/kernel/issues/I7QXHX 
 
Link:https://gitee.com/openeuler/kernel/pulls/1891

 

Reviewed-by: Yue Haibing <yuehaibing@huawei.com>
Signed-off-by: Jialin Zhang <zhangjialin11@huawei.com>

parents e664c7c5 bcb40a4b

drivers/net/tap.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -523,7 +523,7 @@ static int tap_open(struct inode inode, struct file file)
		q->sock.state = SS_CONNECTED;
		q->sock.file = file;
		q->sock.ops = &tap_socket_ops;
		sock_init_data_uid(&q->sock, &q->sk, inode->i_uid);
		sock_init_data_uid(&q->sock, &q->sk, current_fsuid());
		q->sk.sk_write_space = tap_sock_write_space;
		q->sk.sk_destruct = tap_sock_destruct;
		q->flags = IFF_VNET_HDR \| IFF_NO_PI \| IFF_TAP;

drivers/net/tun.c

+1 −1

Original line number	Diff line number	Diff line
		@@ -3446,7 +3446,7 @@ static int tun_chr_open(struct inode inode, struct file file)
		tfile->socket.file = file;
		tfile->socket.ops = &tun_socket_ops;

		sock_init_data_uid(&tfile->socket, &tfile->sk, inode->i_uid);
		sock_init_data_uid(&tfile->socket, &tfile->sk, current_fsuid());

		tfile->sk.sk_write_space = tun_sock_write_space;
		tfile->sk.sk_sndbuf = INT_MAX;