[Glibc-bsd-commits] r4381 - in branches/squeeze/kfreebsd-8/debian: . patches

Steven Chamberlain stevenc-guest at alioth.debian.org
Sun Feb 10 20:47:58 UTC 2013 

Author: stevenc-guest
Date: 2013-02-10 20:47:58 +0000 (Sun, 10 Feb 2013)
New Revision: 4381

Added:
   branches/squeeze/kfreebsd-8/debian/patches/SA-12_08.linux.patch
Modified:
   branches/squeeze/kfreebsd-8/debian/changelog
   branches/squeeze/kfreebsd-8/debian/patches/series
Log:
Apply patch for SA-12:08 / CVE-2012-4576


Modified: branches/squeeze/kfreebsd-8/debian/changelog
===================================================================
--- branches/squeeze/kfreebsd-8/debian/changelog	2012-12-30 00:18:45 UTC (rev 4380)
+++ branches/squeeze/kfreebsd-8/debian/changelog	2013-02-10 20:47:58 UTC (rev 4381)
@@ -1,3 +1,12 @@
+kfreebsd-8 (8.1+dfsg-8+squeeze4) stable-proposed-updates; urgency=low
+
+  [ Steven Chamberlain ]
+  * Apply patch for SA-12:08 / CVE-2012-4576:
+    memory access without proper validation in linux compat system
+    (Closes: #694096)
+
+ -- GNU/kFreeBSD Maintainers <debian-bsd at lists.debian.org>  Sun, 10 Feb 2013 19:30:43 +0000
+
 kfreebsd-8 (8.1+dfsg-8+squeeze3) stable-security; urgency=medium
 
   [ Steven Chamberlain ]

Added: branches/squeeze/kfreebsd-8/debian/patches/SA-12_08.linux.patch
===================================================================
--- branches/squeeze/kfreebsd-8/debian/patches/SA-12_08.linux.patch	                        (rev 0)
+++ branches/squeeze/kfreebsd-8/debian/patches/SA-12_08.linux.patch	2013-02-10 20:47:58 UTC (rev 4381)
@@ -0,0 +1,32 @@
+Index: kfreebsd-8-8.1+dfsg/sys/compat/linux/linux_ioctl.c
+===================================================================
+--- kfreebsd-8-8.1+dfsg.orig/sys/compat/linux/linux_ioctl.c	2009-09-17 12:03:37.000000000 +0100
++++ kfreebsd-8-8.1+dfsg/sys/compat/linux/linux_ioctl.c	2013-02-10 19:26:12.136388557 +0000
+@@ -2228,8 +2228,9 @@
+ 
+ 	ifc.ifc_len = valid_len; 
+ 	sbuf_finish(sb);
+-	memcpy(PTRIN(ifc.ifc_buf), sbuf_data(sb), ifc.ifc_len);
+-	error = copyout(&ifc, uifc, sizeof(ifc));
++	error = copyout(sbuf_data(sb), PTRIN(ifc.ifc_buf), ifc.ifc_len);
++	if (error == 0)
++		error = copyout(&ifc, uifc, sizeof(ifc));
+ 	sbuf_delete(sb);
+ 	CURVNET_RESTORE();
+ 
+Index: sys/compat/linux/linux_ioctl.c
+===================================================================
+--- a/sys/compat/linux/linux_ioctl.c	(revision 242578)
++++ b/sys/compat/linux/linux_ioctl.c	(working copy)
+@@ -2260,8 +2260,9 @@ again:
+ 
+ 	ifc.ifc_len = valid_len; 
+ 	sbuf_finish(sb);
+-	memcpy(PTRIN(ifc.ifc_buf), sbuf_data(sb), ifc.ifc_len);
+-	error = copyout(&ifc, uifc, sizeof(ifc));
++	error = copyout(sbuf_data(sb), PTRIN(ifc.ifc_buf), ifc.ifc_len);
++	if (error == 0)
++		error = copyout(&ifc, uifc, sizeof(ifc));
+ 	sbuf_delete(sb);
+ 	CURVNET_RESTORE();
+ 

Modified: branches/squeeze/kfreebsd-8/debian/patches/series
===================================================================
--- branches/squeeze/kfreebsd-8/debian/patches/series	2012-12-30 00:18:45 UTC (rev 4380)
+++ branches/squeeze/kfreebsd-8/debian/patches/series	2013-02-10 20:47:58 UTC (rev 4381)
@@ -42,3 +42,4 @@
 950_no_stack_protector.diff
 999_config.diff
 999_firmware.diff
+SA-12_08.linux.patch

More information about the Glibc-bsd-commits mailing list