r2290 - in trunk/kernel/source: kernel-source-2.6.10-2.6.10/debian kernel-source-2.6.10-2.6.10/debian/patches kernel-source-2.6.10-2.6.10/debian/patches/series kernel-source-2.6.8-2.6.8/debian kernel-source-2.6.8-2.6.8/debian/patches kernel-source-2.6.8-2.6.8/debian/patches/series

Christoph Hellwig hch-guest@costa.debian.org
Thu, 13 Jan 2005 11:00:49 +0100


Author: hch-guest
Date: 2005-01-13 11:00:48 +0100 (Thu, 13 Jan 2005)
New Revision: 2290

Added:
   trunk/kernel/source/kernel-source-2.6.10-2.6.10/debian/patches/cmsg-compat-signedness-fix-fix.dpatch
   trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/cmsg-compat-signedness-fix-fix.dpatch
Modified:
   trunk/kernel/source/kernel-source-2.6.10-2.6.10/debian/changelog
   trunk/kernel/source/kernel-source-2.6.10-2.6.10/debian/patches/series/2.6.10-4
   trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
   trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-13
Log:

  * Apply patch to fix compat cmsg_len checks (Christoph Hellwig).
 


Modified: trunk/kernel/source/kernel-source-2.6.10-2.6.10/debian/changelog
===================================================================
--- trunk/kernel/source/kernel-source-2.6.10-2.6.10/debian/changelog	2005-01-13 07:51:59 UTC (rev 2289)
+++ trunk/kernel/source/kernel-source-2.6.10-2.6.10/debian/changelog	2005-01-13 10:00:48 UTC (rev 2290)
@@ -42,6 +42,8 @@
     Further do_brk fixes; just to be safe, lock everywhere do_brk
     is used (Andres Salomon).
 
+  * Apply patch to fix compat cmsg_len checks (Christoph Hellwig).
+
  -- Sven Luther <luther@debian.org>  Mon, 10 Jan 2005 18:06:29 +0100
 
 kernel-source-2.6.10 (2.6.10-3) unstable; urgency=low
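Review bot: the added changelog entry does not name the patch file and credits only Christoph Hellwig, while the dpatch added in this same revision gives Olaf Kirch as the patch author. Suggest naming cmsg-compat-signedness-fix-fix.dpatch in the entry and mentioning the original author, so the entry can be matched to the file under debian/patches.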

Added: trunk/kernel/source/kernel-source-2.6.10-2.6.10/debian/patches/cmsg-compat-signedness-fix-fix.dpatch
===================================================================
--- trunk/kernel/source/kernel-source-2.6.10-2.6.10/debian/patches/cmsg-compat-signedness-fix-fix.dpatch	2005-01-13 07:51:59 UTC (rev 2289)
+++ trunk/kernel/source/kernel-source-2.6.10-2.6.10/debian/patches/cmsg-compat-signedness-fix-fix.dpatch	2005-01-13 10:00:48 UTC (rev 2290)
@@ -0,0 +1,33 @@
+#! /bin/sh -e
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Description: Fix cmsg_len checks in 32bit compat mode
+## DP: Patch author: Olaf Kirch <okir@suse.de>
+## DP: Upstream status: submitted and accepted, but not in mainline yet
+
+. $(dirname $0)/DPATCH
+
+@DPATCH@
+From: Olaf Kirch <okir@suse.de>
+Subject: Fix cmsg_len checks in 32bit compat mode
+References: 49517 - LTC13227
+
+The recent fixes for cmsg_len handling seem to break 32bit compatibility
+at least on x86_64. The new CMSG_COMPAT_OK macro requires that cmsg_len
+is greater or equal the size of struct cmsghdr, which is the 64bit
+version of the struct.  The code should really check against the size
+of struct compat_cmsghdr.
+
+Signed-off-by: Olaf Kirch <okir@suse.de>
+
+--- linux-2.6.10/net/compat.c.orig	2005-01-04 13:51:49.000000000 +0100
++++ linux-2.6.10/net/compat.c	2005-01-04 16:53:38.000000000 +0100
+@@ -125,7 +125,7 @@
+ 	 (struct compat_cmsghdr __user *)NULL)
+ 
+ #define CMSG_COMPAT_OK(ucmlen, ucmsg, mhdr) \
+-	((ucmlen) >= sizeof(struct cmsghdr) && \
++	((ucmlen) >= sizeof(struct compat_cmsghdr) && \
+ 	 (ucmlen) <= (unsigned long) \
+ 	 ((mhdr)->msg_controllen - \
+ 	  ((char *)(ucmsg) - (char *)(mhdr)->msg_control)))
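Review bot: the description above the embedded diff speaks of "the recent fixes for cmsg_len handling" but never names the earlier patch that introduced CMSG_COMPAT_OK, so this dpatch's prerequisite is not recorded anywhere in the file. Suggest an extra "## DP:" line naming that patch. Since the changed line relaxes the lower bound to sizeof(struct compat_cmsghdr), it is also worth confirming that every user of the macro reads the header through struct compat_cmsghdr and not through the 64bit struct cmsghdr.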

Modified: trunk/kernel/source/kernel-source-2.6.10-2.6.10/debian/patches/series/2.6.10-4
===================================================================
--- trunk/kernel/source/kernel-source-2.6.10-2.6.10/debian/patches/series/2.6.10-4	2005-01-13 07:51:59 UTC (rev 2289)
+++ trunk/kernel/source/kernel-source-2.6.10-2.6.10/debian/patches/series/2.6.10-4	2005-01-13 10:00:48 UTC (rev 2290)
@@ -16,3 +16,4 @@
 + 033-rlimit_memlock_check.dpatch
 + 034-stack_resize_exploit.dpatch
 + 035-do_brk_security_fixes-2.dpatch
++ cmsg-compat-signedness-fix-fix.dpatch
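Review bot: the new series entry breaks the numbered naming used by the three context lines above it (033-, 034-, 035-). Suggest giving the file the next number in the sequence, or noting in the changelog why this one is left unnumbered, so the apply order stays obvious from the names alone.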

Modified: trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
===================================================================
--- trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog	2005-01-13 07:51:59 UTC (rev 2289)
+++ trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog	2005-01-13 10:00:48 UTC (rev 2290)
@@ -6,6 +6,10 @@
   * Fix viewsvn url for patches in README.Debian as reported by
     Alexander E. Patrakov. (Christoph Hellwig) (closes: #288062).
 
+  * Replace smbfs-overflow-fixes.patch with a newer version from 2.6.10-ac
+    that actually works.  Thanks to S?ren Hansen <sh@warma.dk> for finding
+    and submitting it. (Christoph Hellwig) (closes: #283241).
+
   * [SECURITY] 033-rlimit_memlock_check.dpatch
     RLIMIT_MEMLOCK isn't checked properly, allowing for a DoS attack.
     See http://seclists.org/lists/fulldisclosure/2005/Jan/0270.html for
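Review bot: this hunk adds a changelog entry about replacing smbfs-overflow-fixes.patch, which the commit log does not mention and which has no matching file in the Added/Modified list of this revision. Either drop it from this commit or commit it together with the smbfs patch change it describes. The name in "S?ren Hansen" has also lost its non-ASCII character and should be restored in the changelog's encoding.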
@@ -21,6 +25,8 @@
     Further do_brk fixes; just to be safe, lock everywhere do_brk
     is used (Andres Salomon).
  
+  * Apply patch to fix compat cmsg_len checks (Christoph Hellwig).
+ 
  -- Christoph Hellwig <hch@lst.de>  Sat, 08 Jan 2005 13:38:12 +0100
 
 kernel-source-2.6.8 (2.6.8-12) unstable; urgency=high
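Review bot: the blank line added after the new entry is "+ " with a trailing space, where the same entry in the 2.6.10 changelog adds an empty line. Suggest removing the trailing whitespace so the separator lines in debian/changelog stay consistent.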

Added: trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/cmsg-compat-signedness-fix-fix.dpatch
===================================================================
--- trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/cmsg-compat-signedness-fix-fix.dpatch	2005-01-13 07:51:59 UTC (rev 2289)
+++ trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/cmsg-compat-signedness-fix-fix.dpatch	2005-01-13 10:00:48 UTC (rev 2290)
@@ -0,0 +1,33 @@
+#! /bin/sh -e
+##
+## All lines beginning with `## DP:' are a description of the patch.
+## DP: Description: Fix cmsg_len checks in 32bit compat mode
+## DP: Patch author: Olaf Kirch <okir@suse.de>
+## DP: Upstream status: submitted and accepted, but not in mainline yet
+
+. $(dirname $0)/DPATCH
+
+@DPATCH@
+From: Olaf Kirch <okir@suse.de>
+Subject: Fix cmsg_len checks in 32bit compat mode
+References: 49517 - LTC13227
+
+The recent fixes for cmsg_len handling seem to break 32bit compatibility
+at least on x86_64. The new CMSG_COMPAT_OK macro requires that cmsg_len
+is greater or equal the size of struct cmsghdr, which is the 64bit
+version of the struct.  The code should really check against the size
+of struct compat_cmsghdr.
+
+Signed-off-by: Olaf Kirch <okir@suse.de>
+
+--- linux-2.6.10/net/compat.c.orig	2005-01-04 13:51:49.000000000 +0100
++++ linux-2.6.10/net/compat.c	2005-01-04 16:53:38.000000000 +0100
+@@ -125,7 +125,7 @@
+ 	 (struct compat_cmsghdr __user *)NULL)
+ 
+ #define CMSG_COMPAT_OK(ucmlen, ucmsg, mhdr) \
+-	((ucmlen) >= sizeof(struct cmsghdr) && \
++	((ucmlen) >= sizeof(struct compat_cmsghdr) && \
+ 	 (ucmlen) <= (unsigned long) \
+ 	 ((mhdr)->msg_controllen - \
+ 	  ((char *)(ucmsg) - (char *)(mhdr)->msg_control)))
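Review bot: the embedded diff is a verbatim copy of the 2.6.10 one (headers name linux-2.6.10/net/compat.c, hunk position @@ -125,7) but this file goes into the kernel-source-2.6.8 tree. Please confirm it applies to the 2.6.8 net/compat.c at that position without fuzz, and that the 2.6.8 tree already carries the earlier change that defines CMSG_COMPAT_OK. A "## DP:" line saying the diff was taken unchanged from 2.6.10 would document that.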

Modified: trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-13
===================================================================
--- trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-13	2005-01-13 07:51:59 UTC (rev 2289)
+++ trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-13	2005-01-13 10:00:48 UTC (rev 2290)
@@ -4,3 +4,4 @@
 + 033-rlimit_memlock_check.dpatch
 + 034-stack_resize_exploit.dpatch
 + 035-do_brk_security_fixes-2.dpatch
++ cmsg-compat-signedness-fix-fix.dpatch
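Review bot: the entry is appended as the last patch in 2.6.8-13, which is only correct if the patch that introduced CMSG_COMPAT_OK is applied earlier, and that patch is not among the context lines shown here. Please confirm it sits earlier in this series file or in a previous one, since otherwise the dpatch has nothing to apply against.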