From d85f8a309c890aa14f7808d4bed5869ca719ec68 Mon Sep 17 00:00:00 2001
From: Josh Boyer
Date: Jul 03 2013 19:37:36 +0000
Subject: CVE-2013-2234 net: information leak in AF_KEY notify (rhbz 980995 981007)
---
diff --git a/af_key-fix-info-leaks-in-notify-messages.patch b/af_key-fix-info-leaks-in-notify-messages.patch
new file mode 100644
index 0000000..9d20aec
--- /dev/null
+++ b/af_key-fix-info-leaks-in-notify-messages.patch
@@ -0,0 +1,37 @@
+From a5cc68f3d63306d0d288f31edfc2ae6ef8ecd887 Mon Sep 17 00:00:00 2001
+From: Mathias Krause
+Date: Wed, 26 Jun 2013 21:52:30 +0000
+Subject: af_key: fix info leaks in notify messages
+
+key_notify_sa_flush() and key_notify_policy_flush() miss to initialize
+the sadb_msg_reserved member of the broadcasted message and thereby
+leak 2 bytes of heap memory to listeners. Fix that.
+
+Signed-off-by: Mathias Krause
+Cc: Steffen Klassert
+Cc: "David S. Miller"
+Cc: Herbert Xu
+Signed-off-by: David S. Miller
+---
+diff --git a/net/key/af_key.c b/net/key/af_key.c
+index c5fbd75..9da8620 100644
+--- a/net/key/af_key.c
++++ b/net/key/af_key.c
+@@ -1710,6 +1710,7 @@ static int key_notify_sa_flush(const struct km_event *c)
+ hdr->sadb_msg_version = PF_KEY_V2;
+ hdr->sadb_msg_errno = (uint8_t) 0;
+ hdr->sadb_msg_len = (sizeof(struct sadb_msg) / sizeof(uint64_t));
++ hdr->sadb_msg_reserved = 0;
+
+ pfkey_broadcast(skb, GFP_ATOMIC, BROADCAST_ALL, NULL, c->net);
+
+@@ -2699,6 +2700,7 @@ static int key_notify_policy_flush(const struct km_event *c)
+ hdr->sadb_msg_errno = (uint8_t) 0;
+ hdr->sadb_msg_satype = SADB_SATYPE_UNSPEC;
+ hdr->sadb_msg_len = (sizeof(struct sadb_msg) / sizeof(uint64_t));
++ hdr->sadb_msg_reserved = 0;
+ pfkey_broadcast(skb_out, GFP_ATOMIC, BROADCAST_ALL, NULL, c->net);
+ return 0;
+
+--
+cgit v0.9.2
diff --git a/kernel.spec b/kernel.spec
index cc9c0fb..25f5be5 100644
--- a/kernel.spec
+++ b/kernel.spec
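Review bot: In the bundled net/key/af_key.c patch, both key_notify_sa_flush() and key_notify_policy_flush() close the leak by assigning `hdr->sadb_msg_reserved = 0;` as one more per-field store, so the header is only safe as long as every member keeps being set by hand. Zeroing the whole header once, right after it is reserved in the skb and before the individual assignments, e.g. `memset(hdr, 0, sizeof(*hdr));`, would make the broadcast message initialized by construction. The allocation and the remaining field assignments of both functions lie outside the hunks, so this should be confirmed against the full function bodies. Since the commit message says the stale bytes reach every listener, the other pfkey_broadcast() callers in af_key.c are worth the same audit for unset members or padding.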
@@ -791,6 +791,9 @@ Patch25055: ath3k-dont-use-stack-memory-for-DMA.patch Patch25056: iwl3945-better-skb-management-in-rx-path.patch Patch25057: iwl4965-better-skb-management-in-rx-path.patch +#CVE-2013-2234 rhbz 980995 981007 +Patch25058: af_key-fix-info-leaks-in-notify-messages.patch + # END OF PATCH DEFINITIONS %endif @@ -1520,6 +1523,9 @@ ApplyPatch ath3k-dont-use-stack-memory-for-DMA.patch ApplyPatch iwl3945-better-skb-management-in-rx-path.patch ApplyPatch iwl4965-better-skb-management-in-rx-path.patch +#CVE-2013-2234 rhbz 980995 981007 +ApplyPatch af_key-fix-info-leaks-in-notify-messages.patch + # END OF PATCH APPLICATIONS %endif @@ -2366,6 +2372,7 @@ fi # || || %changelog * Wed Jul 03 2013 Josh Boyer +- CVE-2013-2234 net: information leak in AF_KEY notify (rhbz 980995 981007) - Linux v3.9.9 * Wed Jul 03 2013 Josh Boyer