r2514 - in trunk/kernel-2.4/source: kernel-source-2.4.27-2.4.27/debian kernel-source-2.4.27-2.4.27/debian/patches kernel-source-2.4.27-2.4.27/debian/patches/series kernel-source-2.4.29-2.4.29/debian kernel-source-2.4.29-2.4.29/debian/patches kernel-source-2.4.29-2.4.29/debian/patches/series
Joshua Kwan
joshk@costa.debian.org
Thu, 17 Feb 2005 22:07:04 +0100
Author: joshk
Date: 2005-02-17 22:07:02 +0100 (Thu, 17 Feb 2005)
New Revision: 2514
Added:
trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/137_io_edgeport_overflow.diff
trunk/kernel-2.4/source/kernel-source-2.4.29-2.4.29/debian/patches/099_io_edgeport_overflow.diff
Modified:
trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog
trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-9
trunk/kernel-2.4/source/kernel-source-2.4.29-2.4.29/debian/changelog
trunk/kernel-2.4/source/kernel-source-2.4.29-2.4.29/debian/patches/series/2.4.29-1
Log:
137_io_edgeport_overflow.diff: [CAN-2004-1017] fix buffer overflow (underflow, really) that opens multiple attack vectors
Modified: trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog
===================================================================
--- trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog 2005-02-17 20:44:37 UTC (rev 2513)
+++ trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog 2005-02-17 21:07:02 UTC (rev 2514)
@@ -13,12 +13,15 @@
fragmented packet forwarding (Joshua Kwan)
* 135_fix_ip_options_leak.diff: [CAN-2004-1335] fix leak of IP options
- data.
+ data. (Joshua Kwan)
+
+ * 136_vc_resizing_overflow.diff: [CAN-2004-1333] make sure VC resizing
+ fits in 16 bits. (Joshua Kwan)
- * 136_vc_resizing_overflow.diff: [CAN-2004-1333] make sure VC resizing
- fits in 16 bits.
+ * 137_io_edgeport_overflow.diff: [CAN-2004-1017] fix buffer overflow
+ (underflow, really) that opens multiple attack vectors. (Joshua Kwan)
- -- Joshua Kwan <joshk@triplehelix.org> Thu, 17 Feb 2005 11:42:56 -0800
+ -- Joshua Kwan <joshk@triplehelix.org> Thu, 17 Feb 2005 13:05:11 -0800
kernel-source-2.4.27 (2.4.27-8) unstable; urgency=high
Added: trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/137_io_edgeport_overflow.diff
===================================================================
--- trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/137_io_edgeport_overflow.diff 2005-02-17 20:44:37 UTC (rev 2513)
+++ trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/137_io_edgeport_overflow.diff 2005-02-17 21:07:02 UTC (rev 2514)
@@ -0,0 +1,23 @@
+# origin: http://xforce.iss.net/xforce/xfdb/18433
+# description: fix buffer underflow problem in io_edgeport
+# inclusion: not submitted (!)
+# revision date: 2005-02-17
+
+===== io_edgeport.c 1.84 vs edited =====
+--- 1.84/drivers/usb/serial/io_edgeport.c 2004-11-15 09:27:17 -08:00
++++ edited/io_edgeport.c 2004-11-26 10:46:12 -08:00
+@@ -2797,9 +2797,12 @@ static void change_port_settings (struct
+ static void unicode_to_ascii (char *string, __le16 *unicode, int unicode_size)
+ {
+ int i;
+- for (i = 0; i < unicode_size; ++i) {
++
++ if (unicode_size <= 0)
++ return;
++
++ for (i = 0; i < unicode_size; ++i)
+ string[i] = (char)(le16_to_cpu(unicode[i]));
+- }
+ string[unicode_size] = 0x00;
+ }
+
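Review bot: The new early return in unicode_to_ascii() (`if (unicode_size <= 0) return;`) skips the final `string[unicode_size] = 0x00;`, so on that path `string` is left exactly as the caller passed it, and is unterminated if the caller never initialised it. For `unicode_size == 0` the old code wrote the terminator at `string[0]` and the caller got an empty string; the guard changes that behaviour as well as stopping the negative-index write. Consider rejecting only negative sizes, or setting `string[0] = 0x00` before returning, so that callers which go on to print or copy the result always see a terminated string.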
Modified: trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-9
===================================================================
--- trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-9 2005-02-17 20:44:37 UTC (rev 2513)
+++ trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-9 2005-02-17 21:07:02 UTC (rev 2514)
@@ -1,3 +1,4 @@
+ 134_skb_reset_ip_summed.diff
+ 135_fix_ip_options_leak.diff
+ 136_vc_resizing_overflow.diff
++ 137_io_edgeport_overflow.diff
Modified: trunk/kernel-2.4/source/kernel-source-2.4.29-2.4.29/debian/changelog
===================================================================
--- trunk/kernel-2.4/source/kernel-source-2.4.29-2.4.29/debian/changelog 2005-02-17 20:44:37 UTC (rev 2513)
+++ trunk/kernel-2.4/source/kernel-source-2.4.29-2.4.29/debian/changelog 2005-02-17 21:07:02 UTC (rev 2514)
@@ -14,8 +14,10 @@
fragmented packet forwarding
- 101-503: add Willy Tarreau's hotfix patchset (2.4.29-hf2), addressing
some new security issues and bugs in 2.4.29
+ - 137_io_edgeport_overflow.diff: [CAN-2004-1017] fix buffer overflow
+ (underflow, really) that opens multiple attack vectors. (Joshua Kwan)
- -- Joshua Kwan <joshk@triplehelix.org> Thu, 17 Feb 2005 01:27:04 -0800
+ -- Joshua Kwan <joshk@triplehelix.org> Thu, 17 Feb 2005 13:06:12 -0800
kernel-source-2.4.28 (2.4.28-1) unstable; urgency=low
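Review bot: The added changelog entry names `137_io_edgeport_overflow.diff`, but the file this revision adds to the 2.4.29 tree, and the name added to series/2.4.29-1, is `099_io_edgeport_overflow.diff`. Change the entry to the 099 name so that anyone tracing CAN-2004-1017 through this package finds the patch that is actually applied.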
Added: trunk/kernel-2.4/source/kernel-source-2.4.29-2.4.29/debian/patches/099_io_edgeport_overflow.diff
===================================================================
--- trunk/kernel-2.4/source/kernel-source-2.4.29-2.4.29/debian/patches/099_io_edgeport_overflow.diff 2005-02-17 20:44:37 UTC (rev 2513)
+++ trunk/kernel-2.4/source/kernel-source-2.4.29-2.4.29/debian/patches/099_io_edgeport_overflow.diff 2005-02-17 21:07:02 UTC (rev 2514)
@@ -0,0 +1,23 @@
+# origin: http://xforce.iss.net/xforce/xfdb/18433
+# description: fix buffer underflow problem in io_edgeport
+# inclusion: not submitted (!)
+# revision date: 2005-02-17
+
+===== io_edgeport.c 1.84 vs edited =====
+--- 1.84/drivers/usb/serial/io_edgeport.c 2004-11-15 09:27:17 -08:00
++++ edited/io_edgeport.c 2004-11-26 10:46:12 -08:00
+@@ -2797,9 +2797,12 @@ static void change_port_settings (struct
+ static void unicode_to_ascii (char *string, __le16 *unicode, int unicode_size)
+ {
+ int i;
+- for (i = 0; i < unicode_size; ++i) {
++
++ if (unicode_size <= 0)
++ return;
++
++ for (i = 0; i < unicode_size; ++i)
+ string[i] = (char)(le16_to_cpu(unicode[i]));
+- }
+ string[unicode_size] = 0x00;
+ }
+
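Review bot: unicode_to_ascii() still has no upper bound after this change: it takes `char *string` with no destination length, and the loop plus the terminator write `unicode_size + 1` bytes to wherever the caller points it. The added `unicode_size <= 0` test stops the write at a negative index in `string[unicode_size]`, but nothing here stops a length that is too large for the buffer. Suggest passing the destination size into the function and clamping `unicode_size` to it, or documenting in a comment above the function that every call site must check the length first.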
Modified: trunk/kernel-2.4/source/kernel-source-2.4.29-2.4.29/debian/patches/series/2.4.29-1
===================================================================
--- trunk/kernel-2.4/source/kernel-source-2.4.29-2.4.29/debian/patches/series/2.4.29-1 2005-02-17 20:44:37 UTC (rev 2513)
+++ trunk/kernel-2.4/source/kernel-source-2.4.29-2.4.29/debian/patches/series/2.4.29-1 2005-02-17 21:07:02 UTC (rev 2514)
@@ -90,6 +90,7 @@
+ 096_megaraid2_proc_name.diff
+ 097_ipsec.diff
+ 098_skb_reset_ip_summed.diff
++ 099_io_edgeport_overflow.diff
+ 101-2.4.29-flash_erase-checks-cap_sys_admin-1.diff
+ 102-2.4.29-rw_verify_area-against-file-offset-overflow-2.diff
+ 103-2.4.29-rw_verify_area-missing-f_maxcount-1.diff