[Glibc-bsd-commits] r2130 - in trunk/kfreebsd-6/debian: . patches
ps-guest at alioth.debian.org
ps-guest at alioth.debian.org
Fri Feb 15 07:51:38 UTC 2008
Author: ps-guest
Date: 2008-02-15 07:51:36 +0000 (Fri, 15 Feb 2008)
New Revision: 2130
Added:
trunk/kfreebsd-6/debian/patches/000_sendfile.diff
Modified:
trunk/kfreebsd-6/debian/changelog
trunk/kfreebsd-6/debian/patches/series
Log:
* Fix sendfile(2) write-only file permission bypass
(FreeBSD-SA-08:03.sendfile / CVE-2008-0777).
Modified: trunk/kfreebsd-6/debian/changelog
===================================================================
--- trunk/kfreebsd-6/debian/changelog 2008-02-08 17:03:06 UTC (rev 2129)
+++ trunk/kfreebsd-6/debian/changelog 2008-02-15 07:51:36 UTC (rev 2130)
@@ -1,3 +1,11 @@
+kfreebsd-6 (6.3-3) UNRELEASED; urgency=high
+
+ [ Petr Salinger ]
+ * Fix sendfile(2) write-only file permission bypass
+ (FreeBSD-SA-08:03.sendfile / CVE-2008-0777).
+
+ -- Aurelien Jarno <aurel32 at debian.org> Fri, 15 Feb 2008 08:32:14 +0100
+
kfreebsd-6 (6.3-2) unstable; urgency=low
* Really build-depends on gcc-3.4.
Added: trunk/kfreebsd-6/debian/patches/000_sendfile.diff
===================================================================
--- trunk/kfreebsd-6/debian/patches/000_sendfile.diff (rev 0)
+++ trunk/kfreebsd-6/debian/patches/000_sendfile.diff 2008-02-15 07:51:36 UTC (rev 2130)
@@ -0,0 +1,61 @@
+Index: sys/kern/kern_descrip.c
+===================================================================
+RCS file: /home/ncvs/src/sys/kern/kern_descrip.c,v
+retrieving revision 1.313
+diff -u -d -r1.313 kern_descrip.c
+--- sys/kern/kern_descrip.c 6 Aug 2007 14:26:00 -0000 1.313
++++ sys/kern/kern_descrip.c 4 Feb 2008 19:05:42 -0000
+@@ -2046,7 +2046,7 @@
+ int error;
+
+ *vpp = NULL;
+- if ((error = _fget(td, fd, &fp, 0, 0)) != 0)
++ if ((error = _fget(td, fd, &fp, flags, 0)) != 0)
+ return (error);
+ if (fp->f_vnode == NULL) {
+ error = EINVAL;
+Index: sys/kern/uipc_syscalls.c
+===================================================================
+RCS file: /home/ncvs/src/sys/kern/uipc_syscalls.c,v
+retrieving revision 1.259.2.1
+diff -u -d -r1.259.2.1 uipc_syscalls.c
+--- sys/kern/uipc_syscalls.c 1 Feb 2008 22:51:39 -0000 1.259.2.1
++++ sys/kern/uipc_syscalls.c 4 Feb 2008 19:05:42 -0000
+@@ -1796,20 +1796,23 @@
+ goto out;
+ vfslocked = VFS_LOCK_GIANT(vp->v_mount);
+ vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
+- obj = vp->v_object;
+- if (obj != NULL) {
+- /*
+- * Temporarily increase the backing VM object's reference
+- * count so that a forced reclamation of its vnode does not
+- * immediately destroy it.
+- */
+- VM_OBJECT_LOCK(obj);
+- if ((obj->flags & OBJ_DEAD) == 0) {
+- vm_object_reference_locked(obj);
+- VM_OBJECT_UNLOCK(obj);
+- } else {
+- VM_OBJECT_UNLOCK(obj);
+- obj = NULL;
++ if (vp->v_type == VREG) {
++ obj = vp->v_object;
++ if (obj != NULL) {
++ /*
++ * Temporarily increase the backing VM
++ * object's reference count so that a forced
++ * reclamation of its vnode does not
++ * immediately destroy it.
++ */
++ VM_OBJECT_LOCK(obj);
++ if ((obj->flags & OBJ_DEAD) == 0) {
++ vm_object_reference_locked(obj);
++ VM_OBJECT_UNLOCK(obj);
++ } else {
++ VM_OBJECT_UNLOCK(obj);
++ obj = NULL;
++ }
+ }
+ }
+ VOP_UNLOCK(vp, 0, td);
Modified: trunk/kfreebsd-6/debian/patches/series
===================================================================
--- trunk/kfreebsd-6/debian/patches/series 2008-02-08 17:03:06 UTC (rev 2129)
+++ trunk/kfreebsd-6/debian/patches/series 2008-02-15 07:51:36 UTC (rev 2130)
@@ -1,3 +1,4 @@
+000_sendfile.diff -p0
000_nfe.diff -p0
001_misc.diff -p0
003_glibc_dev_aicasm.diff -p0
More information about the Glibc-bsd-commits
mailing list