[Glibc-bsd-commits] r4373 - in trunk/kfreebsd-9/debian: . patches

Christoph Egger christoph at alioth.debian.org
Fri Nov 23 22:04:47 UTC 2012 

Author: christoph
Date: 2012-11-23 22:04:46 +0000 (Fri, 23 Nov 2012)
New Revision: 4373

Added:
   trunk/kfreebsd-9/debian/patches/SA-12_08.linux.patch
Modified:
   trunk/kfreebsd-9/debian/changelog
   trunk/kfreebsd-9/debian/patches/series
Log:
Apply patch for SA-12:08 / CVE-2012-4576:
memory access without proper validation in linux compat system
(Closes: #694097)

Modified: trunk/kfreebsd-9/debian/changelog
===================================================================
--- trunk/kfreebsd-9/debian/changelog	2012-11-23 00:34:13 UTC (rev 4372)
+++ trunk/kfreebsd-9/debian/changelog	2012-11-23 22:04:46 UTC (rev 4373)
@@ -1,9 +1,12 @@
-kfreebsd-9 (9.0-9) unstable; urgency=low
+kfreebsd-9 (9.0-9) unstable; urgency=medium
 
+  * Apply patch for SA-12:08 / CVE-2012-4576:
+    memory access without proper validation in linux compat system
+    (Closes: #694097)
   * Touch conf/DEBIAN to avoid build failures in case someone wants to build the
     kernel with firmware included.
 
- -- Arno Töll <arno at debian.org>  Sat, 03 Nov 2012 03:48:17 +0100
+ -- Christoph Egger <christoph at debian.org>  Fri, 23 Nov 2012 13:45:15 -0800
 
 kfreebsd-9 (9.0-8) unstable; urgency=low
   

Added: trunk/kfreebsd-9/debian/patches/SA-12_08.linux.patch
===================================================================
--- trunk/kfreebsd-9/debian/patches/SA-12_08.linux.patch	                        (rev 0)
+++ trunk/kfreebsd-9/debian/patches/SA-12_08.linux.patch	2012-11-23 22:04:46 UTC (rev 4373)
@@ -0,0 +1,16 @@
+Index: sys/compat/linux/linux_ioctl.c
+===================================================================
+--- a/sys/compat/linux/linux_ioctl.c	(revision 242578)
++++ b/sys/compat/linux/linux_ioctl.c	(working copy)
+@@ -2260,8 +2260,9 @@ again:
+ 
+ 	ifc.ifc_len = valid_len; 
+ 	sbuf_finish(sb);
+-	memcpy(PTRIN(ifc.ifc_buf), sbuf_data(sb), ifc.ifc_len);
+-	error = copyout(&ifc, uifc, sizeof(ifc));
++	error = copyout(sbuf_data(sb), PTRIN(ifc.ifc_buf), ifc.ifc_len);
++	if (error == 0)
++		error = copyout(&ifc, uifc, sizeof(ifc));
+ 	sbuf_delete(sb);
+ 	CURVNET_RESTORE();
+ 

Modified: trunk/kfreebsd-9/debian/patches/series
===================================================================
--- trunk/kfreebsd-9/debian/patches/series	2012-11-23 00:34:13 UTC (rev 4372)
+++ trunk/kfreebsd-9/debian/patches/series	2012-11-23 22:04:46 UTC (rev 4373)
@@ -7,6 +7,7 @@
 fix_VOP_VPTOCNP_bypass_for_nullfs.diff
 pf_counter_initialization_SVN236364.diff
 svn239447_SCTP_DoS.patch
+SA-12_08.linux.patch
 
 # Other patches that might or might not be mergeable
 001_misc.diff

More information about the Glibc-bsd-commits mailing list