r2727 - in trunk/kernel/source/kernel-source-2.6.11-2.6.11/debian: . patches patches/series

maximilian attems maks-guest@costa.debian.org
Wed, 16 Mar 2005 16:05:15 +0100 

Author: maks-guest
Date: 2005-03-16 16:05:13 +0100 (Wed, 16 Mar 2005)
New Revision: 2727

Added:
   trunk/kernel/source/kernel-source-2.6.11-2.6.11/debian/patches/drivers-net-ppp_async.dpatch
   trunk/kernel/source/kernel-source-2.6.11-2.6.11/debian/patches/fs-exec-fix-get_task_comm.dpatch
Modified:
   trunk/kernel/source/kernel-source-2.6.11-2.6.11/debian/changelog
   trunk/kernel/source/kernel-source-2.6.11-2.6.11/debian/patches/series/2.6.11-1
Log:
add 2.6.11.4 security fixes.


Modified: trunk/kernel/source/kernel-source-2.6.11-2.6.11/debian/changelog
===================================================================
--- trunk/kernel/source/kernel-source-2.6.11-2.6.11/debian/changelog	2005-03-16 10:41:29 UTC (rev 2726)
+++ trunk/kernel/source/kernel-source-2.6.11-2.6.11/debian/changelog	2005-03-16 15:05:13 UTC (rev 2727)
@@ -52,6 +52,10 @@
 
   * [ia64] Forward port generic/non-SMP fix patch. (dann frazier)
 
+  * 2.6.11.4 [SECURITY] Use strncpy in get_task_comm. (Maximilian Attems)
+
+  * 2.6.11.4 [SECURITY] Fix remote Dos on ppp servers. (Maximilian Attems)
+
  -- Sven Luther <luther@debian.org>  Sun, 13 Mar 2005 16:08:44 +0100
 
 kernel-source-2.6.10 (2.6.10-6) unstable; urgency=low

Added: trunk/kernel/source/kernel-source-2.6.11-2.6.11/debian/patches/drivers-net-ppp_async.dpatch
===================================================================
--- trunk/kernel/source/kernel-source-2.6.11-2.6.11/debian/patches/drivers-net-ppp_async.dpatch	2005-03-16 10:41:29 UTC (rev 2726)
+++ trunk/kernel/source/kernel-source-2.6.11-2.6.11/debian/patches/drivers-net-ppp_async.dpatch	2005-03-16 15:05:13 UTC (rev 2727)
@@ -0,0 +1,36 @@
+diff -Naru a/drivers/net/ppp_async.c b/drivers/net/ppp_async.c
+--- a/drivers/net/ppp_async.c	2005-03-16 07:02:25 -08:00
++++ b/drivers/net/ppp_async.c	2005-03-16 07:02:25 -08:00
+@@ -1000,7 +1000,7 @@
+ 	data += 4;
+ 	dlen -= 4;
+ 	/* data[0] is code, data[1] is length */
+-	while (dlen >= 2 && dlen >= data[1]) {
++	while (dlen >= 2 && dlen >= data[1] && data[1] >= 2) {
+ 		switch (data[0]) {
+ 		case LCP_MRU:
+ 			val = (data[2] << 8) + data[3];
+# This is a BitKeeper generated diff -Nru style patch.
+#
+# ChangeSet
+#   2005/03/15 15:38:47-08:00 paulus@au1.ibm.com 
+#   [PATCH] CAN-2005-0384: Remote Linux DoS on ppp servers
+#   
+#   Martin Schulze writes:
+#   
+#   > Ben Martel and Stephen Blackheath have discovered a denial-of-service attack
+#   > that a client of pppd can make that can hang the server machine.  The bug is
+#   > in the Linux kernel 2.6 (tested on 2.6.9), but it looks like it also exists
+#   > in the 2.4 series.
+#   
+#   Yes, this is my bug. :(
+#   
+#   I would just do this instead:
+#   
+#   Signed-off-by: Chris Wright <chrisw@osdl.org>
+#   Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+# 
+# drivers/net/ppp_async.c
+#   2005/02/24 15:38:05-08:00 paulus@au1.ibm.com +1 -1
+#   CAN-2005-0384: Remote Linux DoS on ppp servers
+# 

Added: trunk/kernel/source/kernel-source-2.6.11-2.6.11/debian/patches/fs-exec-fix-get_task_comm.dpatch
===================================================================
--- trunk/kernel/source/kernel-source-2.6.11-2.6.11/debian/patches/fs-exec-fix-get_task_comm.dpatch	2005-03-16 10:41:29 UTC (rev 2726)
+++ trunk/kernel/source/kernel-source-2.6.11-2.6.11/debian/patches/fs-exec-fix-get_task_comm.dpatch	2005-03-16 15:05:13 UTC (rev 2727)
@@ -0,0 +1,31 @@
+diff -Naru a/fs/exec.c b/fs/exec.c
+--- a/fs/exec.c	2005-03-16 06:59:05 -08:00
++++ b/fs/exec.c	2005-03-16 06:59:05 -08:00
+@@ -814,7 +814,7 @@
+ {
+ 	/* buf must be at least sizeof(tsk->comm) in size */
+ 	task_lock(tsk);
+-	memcpy(buf, tsk->comm, sizeof(tsk->comm));
++	strncpy(buf, tsk->comm, sizeof(tsk->comm));
+ 	task_unlock(tsk);
+ }
+ 
+# This is a BitKeeper generated diff -Nru style patch.
+#
+# ChangeSet
+#   2005/03/15 15:39:08-08:00 akpm@osdl.org 
+#   [PATCH] use strncpy in get_task_comm
+#   
+#   From: Prasanna Meda <pmeda@akamai.com>
+#   
+#   Set_task_comm uses strlcpy, so get_task_comm must use strncpy.
+#   
+#   Signed-Off-by: Prasanna Meda <pmeda@akamai.com>
+#   Signed-off-by: Andrew Morton <akpm@osdl.org>
+#   Signed-off-by: Chris Wright <chrisw@osdl.org>
+#   Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+# 
+# fs/exec.c
+#   2005/03/15 06:30:28-08:00 akpm@osdl.org +1 -1
+#   use strncpy in get_task_comm
+# 

Modified: trunk/kernel/source/kernel-source-2.6.11-2.6.11/debian/patches/series/2.6.11-1
===================================================================
--- trunk/kernel/source/kernel-source-2.6.11-2.6.11/debian/patches/series/2.6.11-1	2005-03-16 10:41:29 UTC (rev 2726)
+++ trunk/kernel/source/kernel-source-2.6.11-2.6.11/debian/patches/series/2.6.11-1	2005-03-16 15:05:13 UTC (rev 2727)
@@ -66,3 +66,5 @@
 + drivers-video-saa7110-oops-fix.dpatch
 + powerpc-pmac-agp-sleep.dpatch
 + ia64-generic-nosmp.dpatch
++ fs-exec-fix-get_task_comm.dpatch
++ drivers-net-ppp_async.dpatch