r2662 - in trunk/kernel/source/kernel-source-2.6.11-2.6.11/debian: . patches patches/series

maximilian attems maks-guest@costa.debian.org
Wed, 09 Mar 2005 17:48:46 +0100


Author: maks-guest
Date: 2005-03-09 17:48:45 +0100 (Wed, 09 Mar 2005)
New Revision: 2662

Added:
   trunk/kernel/source/kernel-source-2.6.11-2.6.11/debian/patches/fs-eventpoll-overflow-fix.dpatch
Modified:
   trunk/kernel/source/kernel-source-2.6.11-2.6.11/debian/changelog
   trunk/kernel/source/kernel-source-2.6.11-2.6.11/debian/patches/series/2.6.11-1
Log:
add 2.6.11.2 security eventpoll fix


Modified: trunk/kernel/source/kernel-source-2.6.11-2.6.11/debian/changelog
===================================================================
--- trunk/kernel/source/kernel-source-2.6.11-2.6.11/debian/changelog	2005-03-08 22:37:17 UTC (rev 2661)
+++ trunk/kernel/source/kernel-source-2.6.11-2.6.11/debian/changelog	2005-03-09 16:48:45 UTC (rev 2662)
@@ -18,6 +18,9 @@
 
   * 2.6.11.1 Fix keyboards for Dell machines patch (Maximilian Attems)
 
+  * 2.6.11.2 [SECURITY] epoll: return proper error on overflow condition
+    (Maximilian Attems)
+
  -- Sven Luther <luther@debian.org>  Mon,  7 Mar 2005 14:56:32 +0100
 
 kernel-source-2.6.10 (2.6.10-6) UNRELEASED; urgency=low
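Review bot: The added entry "* 2.6.11.2 [SECURITY] epoll: return proper error on overflow condition" is tagged as a security fix but gives no CVE id or advisory reference and does not name the patch file. Someone auditing the package later cannot tie it to fs-eventpoll-overflow-fix.dpatch without reading this commit. Suggest adding the patch name to the entry, and the identifier once one is assigned.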

Added: trunk/kernel/source/kernel-source-2.6.11-2.6.11/debian/patches/fs-eventpoll-overflow-fix.dpatch
===================================================================
--- trunk/kernel/source/kernel-source-2.6.11-2.6.11/debian/patches/fs-eventpoll-overflow-fix.dpatch	2005-03-08 22:37:17 UTC (rev 2661)
+++ trunk/kernel/source/kernel-source-2.6.11-2.6.11/debian/patches/fs-eventpoll-overflow-fix.dpatch	2005-03-09 16:48:45 UTC (rev 2662)
@@ -0,0 +1,21 @@
+
+diff -Nru a/fs/eventpoll.c b/fs/eventpoll.c
+--- a/fs/eventpoll.c	2005-03-09 00:13:29 -08:00
++++ b/fs/eventpoll.c	2005-03-09 00:13:29 -08:00
+@@ -619,6 +619,7 @@
+ 	return error;
+ }
+ 
++#define MAX_EVENTS (INT_MAX / sizeof(struct epoll_event))
+ 
+ /*
+  * Implement the event wait interface for the eventpoll file. It is the kernel
+@@ -635,7 +636,7 @@
+ 		     current, epfd, events, maxevents, timeout));
+ 
+ 	/* The maximum number of event must be greater than zero */
+-	if (maxevents <= 0)
++	if (maxevents <= 0 || maxevents > MAX_EVENTS)
+ 		return -EINVAL;
+ 
+ 	/* Verify that the area passed by the user is writeable */
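Review bot: In the second inner hunk, the comment above the changed test still reads "The maximum number of event must be greater than zero", although the condition now also rejects maxevents > MAX_EVENTS. The comment should state the upper bound and its purpose: with MAX_EVENTS defined as INT_MAX / sizeof(struct epoll_event), the product maxevents * sizeof(struct epoll_event) can no longer exceed INT_MAX. MAX_EVENTS also has type size_t, so if maxevents is a signed int (as the "<= 0" test implies), "maxevents > MAX_EVENTS" compares it after conversion to unsigned. That is correct only because "maxevents <= 0" is evaluated first and short-circuits, so keep that order and say so in the comment, or add an explicit cast. Separately, the new .dpatch file begins with an empty line and goes straight into the diff, with no description of what it fixes or where the change came from; a short header stating both would help.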

Modified: trunk/kernel/source/kernel-source-2.6.11-2.6.11/debian/patches/series/2.6.11-1
===================================================================
--- trunk/kernel/source/kernel-source-2.6.11-2.6.11/debian/patches/series/2.6.11-1	2005-03-08 22:37:17 UTC (rev 2661)
+++ trunk/kernel/source/kernel-source-2.6.11-2.6.11/debian/patches/series/2.6.11-1	2005-03-09 16:48:45 UTC (rev 2662)
@@ -52,3 +52,4 @@
 + drivers_input_serio_dell_keyboard.dpatch
 + modular-ide.dpatch
 + drivers-ide-__devinit.dpatch
++ fs-eventpoll-overflow-fix.dpatch