4.1.y missing commit for CVE-2016-10229

4.1.y missing commit for CVE-2016-10229

[Josh Hunt]

It looks like the following commit:

197c949e7798 ("udp: properly support MSG_PEEK with truncated buffers")

did not get backported to 4.1.y stable. I do see it in 4.4.y. If the 
authors of the patch are OK with this can we please get this included in 
4.1.y?

FWIW the 4.4.y commit, dfe2042d96065f044a794f684e9f7976a4ca6e24, 
cherry-picks cleanly on top of 4.1.y.

Here's a link to the CVE info:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10229

Thanks
Josh

Re: 4.1.y missing commit for CVE-2016-10229

[Josh Hunt]

On 04/13/2017 11:41 AM, Josh Hunt wrote:
> It looks like the following commit:
>
> 197c949e7798 ("udp: properly support MSG_PEEK with truncated buffers")
>
> did not get backported to 4.1.y stable. I do see it in 4.4.y. If the
> authors of the patch are OK with this can we please get this included in
> 4.1.y?
>
> FWIW the 4.4.y commit, dfe2042d96065f044a794f684e9f7976a4ca6e24,
> cherry-picks cleanly on top of 4.1.y.
>
> Here's a link to the CVE info:
> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10229
>

Looking into this more it appears that this commit may not be necessary 
for 4.1 since it has Al Viro's argument change mentioned by Eric in the 
commit message. Although if someone could confirm that would be helpful.

Our initial thought was all kernels < 4.5 were affected. This does not 
seem to be the case.

Josh