r3620 - in trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian: . patches patches/series

Simon Horman horms at costa.debian.org
Fri Jul 29 03:29:35 UTC 2005 

Author: horms
Date: 2005-07-29 03:29:34 +0000 (Fri, 29 Jul 2005)
New Revision: 3620

Added:
   trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/fs_ext3_64bit_offset.dpatch
Modified:
   trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
   trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-17
Log:
Incorrect offset checks for ext3 xattr on 64 bit archit
ectures  can lead to a local DoS. See CAN-2005-0757. (see: #311164).

Modified: trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
===================================================================
--- trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog	2005-07-29 03:23:39 UTC (rev 3619)
+++ trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog	2005-07-29 03:29:34 UTC (rev 3620)
@@ -126,8 +126,12 @@
     bad.
     (Simon Horman)
 
+  * fs_ext3_64bit_offset.dpatch
+    Incorrect offset checks for ext3 xattr on 64 bit architectures
+    an lead to a local DoS.
+    See CAN-2005-0757. (see: #311164). (Simon Horman)
 
- -- Simon Horman <horms at debian.org>  Thu, 30 Jun 2005 17:58:38 +0900
+ -- Simon Horman <horms at debian.org>  Fri, 29 Jul 2005 12:17:01 +0900
 
 kernel-source-2.6.8 (2.6.8-16) unstable; urgency=low
 

Added: trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/fs_ext3_64bit_offset.dpatch
===================================================================
--- trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/fs_ext3_64bit_offset.dpatch	2005-07-29 03:23:39 UTC (rev 3619)
+++ trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/fs_ext3_64bit_offset.dpatch	2005-07-29 03:29:34 UTC (rev 3620)
@@ -0,0 +1,22 @@
+# source: Trawled out of Red Hat's kernel-2.4.21-32.0.1.EL.src.rpm by Horms
+# inclusion: upstream code has been reworked and doesn't appear vulerable
+# descrition: on 64 bit architectures incorect handling of xattr offsets
+#             may cause a local DoS
+# revision date: Fri, 29 Jul 2005 12:04:57 +0900
+
+--- kernel-source-2.4.27.orig/fs/ext3/xattr.c	2005-05-19 19:29:38.000000000 +0900
++++ kernel-source-2.4.27/fs/ext3/xattr.c	2005-07-29 12:01:33.000000000 +0900
+@@ -636,10 +636,9 @@
+ 				goto cleanup;
+ 			memcpy(header, HDR(bh), bh->b_size);
+ 			header->h_refcount = cpu_to_le32(1);
+-			offset = (char *)here - bh->b_data;
+-			here = ENTRY((char *)header + offset);
+-			offset = (char *)last - bh->b_data;
+-			last = ENTRY((char *)header + offset);
++			offset = (char *)header - bh->b_data;
++			here = ENTRY((char *)here + offset);
++			last = ENTRY((char *)last + offset);
+ 		}
+ 	} else {
+ 		/* Allocate a buffer where we construct the new block. */

Modified: trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-17
===================================================================
--- trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-17	2005-07-29 03:23:39 UTC (rev 3619)
+++ trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-17	2005-07-29 03:29:34 UTC (rev 3620)
@@ -26,4 +26,4 @@
 + asm-i386-mem-clobber.dpatch
 + drivers-acpi-pci_irq-elcr.dpatch
 + net-netlink-autobind-return.dpatch
-
++ fs_ext3_64bit_offset.dpatch

More information about the Kernel-svn-changes mailing list