r2663 - in trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian: . patches patches/series

maximilian attems maks-guest@costa.debian.org
Wed, 09 Mar 2005 17:55:24 +0100 

Author: maks-guest
Date: 2005-03-09 17:55:23 +0100 (Wed, 09 Mar 2005)
New Revision: 2663

Added:
   trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/fs-eventpoll-overflow-fix.dpatch
Modified:
   trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
   trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-14
Log:
add security eventpoll fix also to 2.6.8


Modified: trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
===================================================================
--- trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog	2005-03-09 16:48:45 UTC (rev 2662)
+++ trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog	2005-03-09 16:55:23 UTC (rev 2663)
@@ -61,6 +61,9 @@
     of the clock chip on SunBlade 1500, it won't boot otherwise.
     (Jurij Smakov).
 
+  * 2.6.11.2 [SECURITY] epoll: return proper error on overflow condition
+    (Maximilian Attems)
+
  -- Joshua Kwan <joshk@triplehelix.org>  Sat, 26 Feb 2005 21:01:07 -0800
 
 kernel-source-2.6.8 (2.6.8-13) unstable; urgency=high

Added: trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/fs-eventpoll-overflow-fix.dpatch
===================================================================
--- trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/fs-eventpoll-overflow-fix.dpatch	2005-03-09 16:48:45 UTC (rev 2662)
+++ trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/fs-eventpoll-overflow-fix.dpatch	2005-03-09 16:55:23 UTC (rev 2663)
@@ -0,0 +1,21 @@
+
+diff -Nru a/fs/eventpoll.c b/fs/eventpoll.c
+--- a/fs/eventpoll.c	2005-03-09 00:13:29 -08:00
++++ b/fs/eventpoll.c	2005-03-09 00:13:29 -08:00
+@@ -615,6 +615,7 @@
+ 	return error;
+ }
+ 
++#define MAX_EVENTS (INT_MAX / sizeof(struct epoll_event))
+ 
+ /*
+  * Implement the event wait interface for the eventpoll file. It is the kernel
+@@ -631,7 +632,7 @@
+ 		     current, epfd, events, maxevents, timeout));
+ 
+ 	/* The maximum number of event must be greater than zero */
+-	if (maxevents <= 0)
++	if (maxevents <= 0 || maxevents > MAX_EVENTS)
+ 		return -EINVAL;
+ 
+ 	/* Verify that the area passed by the user is writeable */

Modified: trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-14
===================================================================
--- trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-14	2005-03-09 16:48:45 UTC (rev 2662)
+++ trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-14	2005-03-09 16:55:23 UTC (rev 2663)
@@ -19,3 +19,4 @@
 + ipv4-fragment-queues-3.dpatch
 + ipv4-fragment-queues-4.dpatch
 + sparc64-sb1500-clock-2.6.dpatch
++ fs-eventpoll-overflow-fix.dpatch