r2663 - in trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian: . patches patches/series
maximilian attems
maks-guest@costa.debian.org
Wed, 09 Mar 2005 17:55:24 +0100
Author: maks-guest
Date: 2005-03-09 17:55:23 +0100 (Wed, 09 Mar 2005)
New Revision: 2663
Added:
trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/fs-eventpoll-overflow-fix.dpatch
Modified:
trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-14
Log:
add security eventpoll fix also to 2.6.8
Modified: trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
===================================================================
--- trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog 2005-03-09 16:48:45 UTC (rev 2662)
+++ trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog 2005-03-09 16:55:23 UTC (rev 2663)
@@ -61,6 +61,9 @@
of the clock chip on SunBlade 1500, it won't boot otherwise.
(Jurij Smakov).
+ * 2.6.11.2 [SECURITY] epoll: return proper error on overflow condition
+ (Maximilian Attems)
+
-- Joshua Kwan <joshk@triplehelix.org> Sat, 26 Feb 2005 21:01:07 -0800
kernel-source-2.6.8 (2.6.8-13) unstable; urgency=high
Added: trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/fs-eventpoll-overflow-fix.dpatch
===================================================================
--- trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/fs-eventpoll-overflow-fix.dpatch 2005-03-09 16:48:45 UTC (rev 2662)
+++ trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/fs-eventpoll-overflow-fix.dpatch 2005-03-09 16:55:23 UTC (rev 2663)
@@ -0,0 +1,21 @@
+
+diff -Nru a/fs/eventpoll.c b/fs/eventpoll.c
+--- a/fs/eventpoll.c 2005-03-09 00:13:29 -08:00
++++ b/fs/eventpoll.c 2005-03-09 00:13:29 -08:00
+@@ -615,6 +615,7 @@
+ return error;
+ }
+
++#define MAX_EVENTS (INT_MAX / sizeof(struct epoll_event))
+
+ /*
+ * Implement the event wait interface for the eventpoll file. It is the kernel
+@@ -631,7 +632,7 @@
+ current, epfd, events, maxevents, timeout));
+
+ /* The maximum number of event must be greater than zero */
+- if (maxevents <= 0)
++ if (maxevents <= 0 || maxevents > MAX_EVENTS)
+ return -EINVAL;
+
+ /* Verify that the area passed by the user is writeable */
Modified: trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-14
===================================================================
--- trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-14 2005-03-09 16:48:45 UTC (rev 2662)
+++ trunk/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-14 2005-03-09 16:55:23 UTC (rev 2663)
@@ -19,3 +19,4 @@
+ ipv4-fragment-queues-3.dpatch
+ ipv4-fragment-queues-4.dpatch
+ sparc64-sb1500-clock-2.6.dpatch
++ fs-eventpoll-overflow-fix.dpatch