r3619 - in trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian: . patches patches/series

Simon Horman horms at costa.debian.org
Fri Jul 29 03:23:40 UTC 2005


Author: horms
Date: 2005-07-29 03:23:39 +0000 (Fri, 29 Jul 2005)
New Revision: 3619

Added:
   trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/168_fs_ext3_64bit_offset.diff
Modified:
   trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog
   trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-11
Log:
Incorrect offset checks for ext3 xattr on 64 bit architectures can lead to a local DoS. See CAN-2005-0757. (closes: #311164).

Modified: trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog
===================================================================
--- trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog	2005-07-28 22:53:23 UTC (rev 3618)
+++ trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog	2005-07-29 03:23:39 UTC (rev 3619)
@@ -1,10 +1,14 @@
-kernel-source-2.4.27 (2.4.27-11) unstable; urgency=low
+kernel-source-2.4.27 (2.4.27-11) UNRELEASED; urgency=low
 
   * 167_arch-ia64-x86_64_execve.diff:
      Race condition in the ia32 compatibility code for the execve system call
      See CAN-2005-1768. (closes: #319629). (Simon Horman)
+  * 168_fs_ext3_64bit_offset.diff:
+    Incorrect offset checks for ext3 xattr on 64 bit architectures
+    can lead to a local DoS.
+    See CAN-2005-0757. (closes: #311164). (Simon Horman)
 
- -- Simon Horman <horms at debian.org>  Mon, 25 Jul 2005 17:35:02 +0900
+ -- Simon Horman <horms at debian.org>  Fri, 29 Jul 2005 12:15:18 +0900
 
 kernel-source-2.4.27 (2.4.27-10) unstable; urgency=low
 
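Review bot: The new 168_fs_ext3_64bit_offset.diff entry does not say which file is touched or where the fix came from. The patch header records it as taken from Red Hat's kernel-2.4.21-32.0.1.EL.src.rpm, with upstream reworked and not apparently vulnerable; a short mention of fs/ext3/xattr.c and that origin would let someone reading only the changelog trace the change for CAN-2005-0757.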

Added: trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/168_fs_ext3_64bit_offset.diff
===================================================================
--- trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/168_fs_ext3_64bit_offset.diff	2005-07-28 22:53:23 UTC (rev 3618)
+++ trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/168_fs_ext3_64bit_offset.diff	2005-07-29 03:23:39 UTC (rev 3619)
@@ -0,0 +1,22 @@
+# source: Trawled out of Red Hat's kernel-2.4.21-32.0.1.EL.src.rpm by Horms
+# inclusion: upstream code has been reworked and doesn't appear vulerable
+# descrition: on 64 bit architectures incorect handling of xattr offsets
+#             may cause a local DoS
+# revision date: Fri, 29 Jul 2005 12:04:57 +0900
+
+--- kernel-source-2.4.27.orig/fs/ext3/xattr.c	2005-05-19 19:29:38.000000000 +0900
++++ kernel-source-2.4.27/fs/ext3/xattr.c	2005-07-29 12:01:33.000000000 +0900
+@@ -636,10 +636,9 @@
+ 				goto cleanup;
+ 			memcpy(header, HDR(bh), bh->b_size);
+ 			header->h_refcount = cpu_to_le32(1);
+-			offset = (char *)here - bh->b_data;
+-			here = ENTRY((char *)header + offset);
+-			offset = (char *)last - bh->b_data;
+-			last = ENTRY((char *)header + offset);
++			offset = (char *)header - bh->b_data;
++			here = ENTRY((char *)here + offset);
++			last = ENTRY((char *)last + offset);
+ 		}
+ 	} else {
+ 		/* Allocate a buffer where we construct the new block. */
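Review bot: In the embedded fs/ext3/xattr.c hunk, the added `offset = (char *)header - bh->b_data;` takes the difference between two separate buffers (header is the copy just filled by `memcpy(header, HDR(bh), bh->b_size)`), while the removed lines computed where `here` and `last` sit inside the block, a value bounded by `bh->b_size`. The declaration of `offset` is outside the hunk; if it is a 32-bit `int`, the added form is the one that can truncate on 64 bit architectures and the removed form is the one that cannot, so please check this against the Red Hat source and confirm the patch is not applied in reverse. If the added form is intended, `offset` needs a pointer-sized type; otherwise keep the per-pointer in-block offsets. The header comments also misspell "vulnerable", "description" and "incorrect".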

Modified: trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-11
===================================================================
--- trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-11	2005-07-28 22:53:23 UTC (rev 3618)
+++ trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/patches/series/2.4.27-11	2005-07-29 03:23:39 UTC (rev 3619)
@@ -1 +1,2 @@
 + 167_arch-ia64-x86_64_execve.diff
++ 168_fs_ext3_64bit_offset.diff



