r2627 - trunk/kernel/source/kernel-source-2.6.11-2.6.11/debian/patches
Sven Luther
luther@costa.debian.org
Sat, 05 Mar 2005 22:28:13 +0100
Author: luther
Date: 2005-03-05 22:28:13 +0100 (Sat, 05 Mar 2005)
New Revision: 2627
Removed:
trunk/kernel/source/kernel-source-2.6.11-2.6.11/debian/patches/029-random_poolsize_overflow.dpatch
Modified:
trunk/kernel/source/kernel-source-2.6.11-2.6.11/debian/patches/TODO
Log:
removed 029-random_poolsize_overflow as the sizectl got removed in 2.6.11 - thanks to trippeh.
Deleted: trunk/kernel/source/kernel-source-2.6.11-2.6.11/debian/patches/029-random_poolsize_overflow.dpatch
===================================================================
--- trunk/kernel/source/kernel-source-2.6.11-2.6.11/debian/patches/029-random_poolsize_overflow.dpatch 2005-03-05 21:13:57 UTC (rev 2626)
+++ trunk/kernel/source/kernel-source-2.6.11-2.6.11/debian/patches/029-random_poolsize_overflow.dpatch 2005-03-05 21:28:13 UTC (rev 2627)
@@ -1,55 +0,0 @@
-#! /bin/sh -e
-## <PATCHNAME>.dpatch by <PATCH_AUTHOR@EMAI>
-##
-## All lines beginning with `## DP:' are a description of the patch.
-## DP: Description: [SECURITY] check user-supplied length before copy_from_user
-## DP: Patch author: Andres Salomon <dilinger@voxel.net>
-## DP: Upstream status: not yet submitted
-
-. $(dirname $0)/DPATCH
-
-@DPATCH@
-Revision: linux-drivers-char--ps-int-overflow--0--patch-1
-Archive: dilinger@voxel.net--2005-public
-Creator: Andres Salomon <dilinger@voxel.net>
-Date: Fri Jan 7 17:45:21 EST 2005
-Standard-date: 2005-01-07 22:45:21 GMT
-Modified-files: random.c
-New-patches: dilinger@voxel.net--2005-public/linux-drivers-char--ps-int-overflow--0--patch-1
-Summary: integer overflow fix for poolsize_strategy()
-Keywords:
-
-Pointed out by Brad Spengler here:
-http://seclists.org/lists/fulldisclosure/2005/Jan/0270.html
-
-The fix is simple; we're passed a size_t (generally an unsigned int
-or unsigned long, depending on arch); copy_from_user expects an
-unsigned long. We can simply cast it to an unsigned long; table->maxlen
-guarantees that we'll always have a small amount, anyways.
-
-
-* modified files
-
---- orig/drivers/char/random.c
-+++ mod/drivers/char/random.c
-@@ -1906,7 +1906,7 @@
- void __user *oldval, size_t __user *oldlenp,
- void __user *newval, size_t newlen, void **context)
- {
-- int len;
-+ unsigned long len;
-
- sysctl_poolsize = random_state->poolinfo.POOLBYTES;
-
-@@ -1916,7 +1916,7 @@
- * write case happens twice; it's harmless).
- */
- if (newval && newlen) {
-- len = newlen;
-+ len = (unsigned long) newlen;
- if (len > table->maxlen)
- len = table->maxlen;
- if (copy_from_user(table->data, newval, len))
-
-
-
Modified: trunk/kernel/source/kernel-source-2.6.11-2.6.11/debian/patches/TODO
===================================================================
--- trunk/kernel/source/kernel-source-2.6.11-2.6.11/debian/patches/TODO 2005-03-05 21:13:57 UTC (rev 2626)
+++ trunk/kernel/source/kernel-source-2.6.11-2.6.11/debian/patches/TODO 2005-03-05 21:28:13 UTC (rev 2627)
@@ -9,7 +9,6 @@
# + drm-locking-fixes.dpatch # FAILED
# + ia64-generic-no-smp.dpatch # FAILED
# + ia64-generic-no-smp-1-to-2.dpatch # FAILED
-# + 029-random_poolsize_overflow.dpatch # FAILED
# + 030-moxa_user_copy_checking.dpatch # FAILED
# + drivers-ide-__devinit.dpatch # FAILED