[Glibc-bsd-commits] r5657 - in branches/wheezy/kfreebsd-9/debian: . patches
stevenc-guest at alioth.debian.org
stevenc-guest at alioth.debian.org
Tue Oct 21 21:43:40 UTC 2014
Author: stevenc-guest
Date: 2014-10-21 21:43:40 +0000 (Tue, 21 Oct 2014)
New Revision: 5657
Added:
branches/wheezy/kfreebsd-9/debian/patches/SA-14_22.namei.patch
Modified:
branches/wheezy/kfreebsd-9/debian/changelog
branches/wheezy/kfreebsd-9/debian/patches/series
Log:
Pick SVN 273412 from FreeBSD 9-STABLE to fix SA-14:22 / CVE-2014-3711:
Memory leak in sandboxed namei lookup (Closes: #766275)
Modified: branches/wheezy/kfreebsd-9/debian/changelog
===================================================================
--- branches/wheezy/kfreebsd-9/debian/changelog 2014-10-21 21:06:03 UTC (rev 5656)
+++ branches/wheezy/kfreebsd-9/debian/changelog 2014-10-21 21:43:40 UTC (rev 5657)
@@ -1,11 +1,12 @@
-kfreebsd-9 (9.0-10+deb70.8) UNRELEASED; urgency=low
+kfreebsd-9 (9.0-10+deb70.8) UNRELEASED; urgency=high
* Team upload.
- * Pick SVN 268432 from FreeBSD 9-STABLE to fix SA-14:17:
- - kernel memory disclosure in sockbuf control message
- (CVE-2014-3952) (Closes: #754236))
+ * Pick SVN 268432 from FreeBSD 9-STABLE to fix SA-14:17 / CVE-2014-3952:
+ kernel memory disclosure in sockbuf control message (Closes: #754236)
* Disable SCTP since it was unsupported yet in userland and has
security issues (CVE-2014-3953)
+ * Pick SVN 273412 from FreeBSD 9-STABLE to fix SA-14:22 / CVE-2014-3711:
+ Memory leak in sandboxed namei lookup (Closes: #766275)
-- Steven Chamberlain <steven at pyro.eu.org> Tue, 08 Jul 2014 23:03:16 +0000
kfreebsd-9 (9.0-10+deb70.7) wheezy-security; urgency=high
Added: branches/wheezy/kfreebsd-9/debian/patches/SA-14_22.namei.patch
===================================================================
--- branches/wheezy/kfreebsd-9/debian/patches/SA-14_22.namei.patch (rev 0)
+++ branches/wheezy/kfreebsd-9/debian/patches/SA-14_22.namei.patch 2014-10-21 21:43:40 UTC (rev 5657)
@@ -0,0 +1,104 @@
+Description:
+ Fix memory leak in sandboxed namei lookup. [SA-14:22]
+ (CVE-2014-3711)
+Origin: vendor, http://security.freebsd.org/patches/SA-14:22/namei-9.patch
+Bug: http://security.freebsd.org/advisories/FreeBSD-SA-14:22.namei.asc
+Bug-Debian: http://bugs.debian.org/766275
+Applied-Upstream: http://svnweb.freebsd.org/base?view=revision&revision=273412
+
+--- a/sys/kern/vfs_lookup.c
++++ b/sys/kern/vfs_lookup.c
+@@ -121,6 +121,16 @@
+ * if symbolic link, massage name in buffer and continue
+ * }
+ */
++static void
++namei_cleanup_cnp(struct componentname *cnp)
++{
++ uma_zfree(namei_zone, cnp->cn_pnbuf);
++#ifdef DIAGNOSTIC
++ cnp->cn_pnbuf = NULL;
++ cnp->cn_nameptr = NULL;
++#endif
++}
++
+ int
+ namei(struct nameidata *ndp)
+ {
+@@ -193,11 +203,7 @@
+ }
+ #endif
+ if (error) {
+- uma_zfree(namei_zone, cnp->cn_pnbuf);
+-#ifdef DIAGNOSTIC
+- cnp->cn_pnbuf = NULL;
+- cnp->cn_nameptr = NULL;
+-#endif
++ namei_cleanup_cnp(cnp);
+ ndp->ni_vp = NULL;
+ return (error);
+ }
+@@ -251,11 +257,7 @@
+ }
+ }
+ if (error) {
+- uma_zfree(namei_zone, cnp->cn_pnbuf);
+-#ifdef DIAGNOSTIC
+- cnp->cn_pnbuf = NULL;
+- cnp->cn_nameptr = NULL;
+-#endif
++ namei_cleanup_cnp(cnp);
+ return (error);
+ }
+ }
+@@ -281,8 +283,10 @@
+ if (*(cnp->cn_nameptr) == '/') {
+ vrele(dp);
+ VFS_UNLOCK_GIANT(vfslocked);
+- if (ndp->ni_strictrelative != 0)
++ if (ndp->ni_strictrelative != 0) {
++ namei_cleanup_cnp(cnp);
+ return (ENOTCAPABLE);
++ }
+ while (*(cnp->cn_nameptr) == '/') {
+ cnp->cn_nameptr++;
+ ndp->ni_pathlen--;
+@@ -296,11 +300,7 @@
+ ndp->ni_startdir = dp;
+ error = lookup(ndp);
+ if (error) {
+- uma_zfree(namei_zone, cnp->cn_pnbuf);
+-#ifdef DIAGNOSTIC
+- cnp->cn_pnbuf = NULL;
+- cnp->cn_nameptr = NULL;
+-#endif
++ namei_cleanup_cnp(cnp);
+ SDT_PROBE(vfs, namei, lookup, return, error, NULL, 0,
+ 0, 0);
+ return (error);
+@@ -312,11 +312,7 @@
+ */
+ if ((cnp->cn_flags & ISSYMLINK) == 0) {
+ if ((cnp->cn_flags & (SAVENAME | SAVESTART)) == 0) {
+- uma_zfree(namei_zone, cnp->cn_pnbuf);
+-#ifdef DIAGNOSTIC
+- cnp->cn_pnbuf = NULL;
+- cnp->cn_nameptr = NULL;
+-#endif
++ namei_cleanup_cnp(cnp);
+ } else
+ cnp->cn_flags |= HASBUF;
+
+@@ -382,11 +378,7 @@
+ vput(ndp->ni_vp);
+ dp = ndp->ni_dvp;
+ }
+- uma_zfree(namei_zone, cnp->cn_pnbuf);
+-#ifdef DIAGNOSTIC
+- cnp->cn_pnbuf = NULL;
+- cnp->cn_nameptr = NULL;
+-#endif
++ namei_cleanup_cnp(cnp);
+ vput(ndp->ni_vp);
+ ndp->ni_vp = NULL;
+ vrele(ndp->ni_dvp);
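Review bot: In the embedded vfs_lookup.c patch, `namei_cleanup_cnp()` still clears `cn_pnbuf` and `cn_nameptr` only under `#ifdef DIAGNOSTIC`, so on other kernels every caller, including the new `ENOTCAPABLE` return, leaves `cnp` pointing at a buffer already returned to `namei_zone`. Now that the free lives in one place, it is worth asking upstream whether the two assignments can be unconditional, so that a later stray use of the stale pointer fails visibly instead of touching recycled zone memory. The helper also has no comment; something like `/* Release the pathname buffer; every error return from namei() taken after the buffer is allocated must call this. */` would record the rule whose omission caused the leak. Only fragments of namei() are visible in this hunk, so whether any other early return skips the cleanup cannot be confirmed from here.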
Modified: branches/wheezy/kfreebsd-9/debian/patches/series
===================================================================
--- branches/wheezy/kfreebsd-9/debian/patches/series 2014-10-21 21:06:03 UTC (rev 5656)
+++ branches/wheezy/kfreebsd-9/debian/patches/series 2014-10-21 21:43:40 UTC (rev 5657)
@@ -22,6 +22,7 @@
SA-14_08.tcp.patch
EN-14_06.exec.patch
SA-14_17.kern.patch
+SA-14_22.namei.patch
# Other patches that might or might not be mergeable
001_misc.diff