[kernel] r12530 - in dists/sid/linux-2.6/debian: . patches/bugfix/all patches/series

Dann Frazier dannf at alioth.debian.org
Thu Dec 25 21:28:38 UTC 2008 

Author: dannf
Date: Thu Dec 25 21:28:37 2008
New Revision: 12530

Log:
Fix buffer underflow in the ib700wdt watchdog driver (CVE-2008-5702)

Added:
   dists/sid/linux-2.6/debian/patches/bugfix/all/watchdog-ib700wdt-buffer_underflow.patch
Modified:
   dists/sid/linux-2.6/debian/changelog
   dists/sid/linux-2.6/debian/patches/series/13

Modified: dists/sid/linux-2.6/debian/changelog
==============================================================================
--- dists/sid/linux-2.6/debian/changelog	(original)
+++ dists/sid/linux-2.6/debian/changelog	Thu Dec 25 21:28:37 2008
@@ -4,11 +4,12 @@
   * [hppa] disable UP-optimized flush_tlb_mm, fixing thread-related
     hangs. (closes: #478717)
   * cciss: Add PCI ids for P711m and p712m
+  * Fix buffer underflow in the ib700wdt watchdog driver (CVE-2008-5702)
 
   [ Bastian Blank ]
   * Fix multicast in atl1e driver. (closes: 509097)
 
- -- dann frazier <dannf at debian.org>  Wed, 24 Dec 2008 16:45:50 -0700
+ -- dann frazier <dannf at debian.org>  Thu, 25 Dec 2008 14:26:02 -0700
 
 linux-2.6 (2.6.26-12) unstable; urgency=high
 

Added: dists/sid/linux-2.6/debian/patches/bugfix/all/watchdog-ib700wdt-buffer_underflow.patch
==============================================================================
--- (empty file)
+++ dists/sid/linux-2.6/debian/patches/bugfix/all/watchdog-ib700wdt-buffer_underflow.patch	Thu Dec 25 21:28:37 2008
@@ -0,0 +1,31 @@
+commit 7c2500f17d65092d93345f3996cf82ebca17e9ff
+Author: Wim Van Sebroeck <wim at iguana.be>
+Date:   Wed Oct 15 08:53:06 2008 +0000
+
+    [WATCHDOG] ib700wdt.c - fix buffer_underflow bug
+    
+    This fixes Bug 11399:
+    if ibwdt_set_heartbeat(int t) is called with value 30 then
+    the check "if ((t < 0) || (t > 30))" in ibwdt_set_heartbeat
+    is not going to fail because t == 30, but in the loop, the
+    check wd_times[i] > t is never going to be true because
+    none of the wd_times are greater than the value of t (i.e. 30).
+    So we are exiting the loop with i == -1 and therefore setting
+    wd_margin to -1 which is wrong.
+    
+    Reported-by: Zvonimir Rakamaric <zrakamar at cs.ubc.ca>
+    Signed-off-by: Wim Van Sebroeck <wim at iguana.be>
+
+diff --git a/drivers/watchdog/ib700wdt.c b/drivers/watchdog/ib700wdt.c
+index 05a2810..8782ec1 100644
+--- a/drivers/watchdog/ib700wdt.c
++++ b/drivers/watchdog/ib700wdt.c
+@@ -154,7 +154,7 @@ static int ibwdt_set_heartbeat(int t)
+ 		return -EINVAL;
+ 
+ 	for (i = 0x0F; i > -1; i--)
+-		if (wd_times[i] > t)
++		if (wd_times[i] >= t)
+ 			break;
+ 	wd_margin = i;
+ 	return 0;

Modified: dists/sid/linux-2.6/debian/patches/series/13
==============================================================================
--- dists/sid/linux-2.6/debian/patches/series/13	(original)
+++ dists/sid/linux-2.6/debian/patches/series/13	Thu Dec 25 21:28:37 2008
@@ -1,3 +1,4 @@
 + bugfix/hppa/parisc-disable-up-optimized-flush_tlb_mm.patch
 + bugfix/all/drivers-net-atl1e-multicast-crc.patch
 + bugfix/all/cciss-p711m,p712m-add-ids.patch
++ bugfix/all/watchdog-ib700wdt-buffer_underflow.patch

More information about the Kernel-svn-changes mailing list