r3619 - in
trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian: .
patches patches/series
Simon Horman
horms at costa.debian.org
Fri Jul 29 03:23:40 UTC 2005
Author: horms
Date: 2005-07-29 03:23:39 +0000 (Fri, 29 Jul 2005)
New Revision: 3619
Added:
trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/168_fs_ext3_64bit_offset.diff
Modified:
trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog
trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-11
Log:
Incorrect offset checks for ext3 xattr on 64 bit architectures can lead to a local DoS. See CAN-2005-0757. (closes: #311164).
Modified: trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog
===================================================================
--- trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog 2005-07-28 22:53:23 UTC (rev 3618)
+++ trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog 2005-07-29 03:23:39 UTC (rev 3619)
@@ -1,10 +1,14 @@
-kernel-source-2.4.27 (2.4.27-11) unstable; urgency=low
+kernel-source-2.4.27 (2.4.27-11) UNRELEASED; urgency=low
* 167_arch-ia64-x86_64_execve.diff:
Race condition in the ia32 compatibility code for the execve system call
See CAN-2005-1768. (closes: #319629). (Simon Horman)
+ * 168_fs_ext3_64bit_offset.diff:
+ Incorrect offset checks for ext3 xattr on 64 bit architectures
+ can lead to a local DoS.
+ See CAN-2005-0757. (closes: #311164). (Simon Horman)
- -- Simon Horman <horms at debian.org> Mon, 25 Jul 2005 17:35:02 +0900
+ -- Simon Horman <horms at debian.org> Fri, 29 Jul 2005 12:15:18 +0900
kernel-source-2.4.27 (2.4.27-10) unstable; urgency=low
Added: trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/168_fs_ext3_64bit_offset.diff
===================================================================
--- trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/168_fs_ext3_64bit_offset.diff 2005-07-28 22:53:23 UTC (rev 3618)
+++ trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/168_fs_ext3_64bit_offset.diff 2005-07-29 03:23:39 UTC (rev 3619)
@@ -0,0 +1,22 @@
+# source: Trawled out of Red Hat's kernel-2.4.21-32.0.1.EL.src.rpm by Horms
+# inclusion: upstream code has been reworked and doesn't appear vulerable
+# descrition: on 64 bit architectures incorect handling of xattr offsets
+# may cause a local DoS
+# revision date: Fri, 29 Jul 2005 12:04:57 +0900
+
+--- kernel-source-2.4.27.orig/fs/ext3/xattr.c 2005-05-19 19:29:38.000000000 +0900
++++ kernel-source-2.4.27/fs/ext3/xattr.c 2005-07-29 12:01:33.000000000 +0900
+@@ -636,10 +636,9 @@
+ goto cleanup;
+ memcpy(header, HDR(bh), bh->b_size);
+ header->h_refcount = cpu_to_le32(1);
+- offset = (char *)here - bh->b_data;
+- here = ENTRY((char *)header + offset);
+- offset = (char *)last - bh->b_data;
+- last = ENTRY((char *)header + offset);
++ offset = (char *)header - bh->b_data;
++ here = ENTRY((char *)here + offset);
++ last = ENTRY((char *)last + offset);
+ }
+ } else {
+ /* Allocate a buffer where we construct the new block. */
Modified: trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-11
===================================================================
--- trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-11 2005-07-28 22:53:23 UTC (rev 3618)
+++ trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-11 2005-07-29 03:23:39 UTC (rev 3619)
@@ -1 +1,2 @@
+ 167_arch-ia64-x86_64_execve.diff
++ 168_fs_ext3_64bit_offset.diff
More information about the Kernel-svn-changes
mailing list