[kernel] r13520 - in dists/etch-security/linux-2.6/debian: . patches/bugfix/all patches/series
Dann Frazier
dannf at alioth.debian.org
Wed Apr 29 07:27:42 UTC 2009
Author: dannf
Date: Wed Apr 29 07:27:40 2009
New Revision: 13520
Log:
* cifs: Fix memory overwrite when saving nativeFileSystem field during mount
- bugfix/all/cifs-fix-memory-overwrite-when-saving-nativeFileSystem-field-during-mount.patch
- bugfix/all/cifs-fix-buffer-size-for-tcon-nativeFileSystem-field.patch
- bugfix/all/cifs-remove-unneeded-bcc_ptr-update-in-CIFSTCon.patch
See CVE-2009-1439
Added:
dists/etch-security/linux-2.6/debian/patches/bugfix/all/cifs-fix-buffer-size-for-tcon-nativeFileSystem-field.patch
- copied, changed from r13519, dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/cifs-fix-buffer-size-for-tcon-nativeFileSystem-field.patch
dists/etch-security/linux-2.6/debian/patches/bugfix/all/cifs-fix-memory-overwrite-when-saving-nativeFileSystem-field-during-mount.patch
- copied, changed from r13519, dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/cifs-fix-memory-overwrite-when-saving-nativeFileSystem-field-during-mount.patch
dists/etch-security/linux-2.6/debian/patches/bugfix/all/cifs-remove-unneeded-bcc_ptr-update-in-CIFSTCon.patch
- copied, changed from r13519, dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/cifs-remove-unneeded-bcc_ptr-update-in-CIFSTCon.patch
Modified:
dists/etch-security/linux-2.6/debian/changelog
dists/etch-security/linux-2.6/debian/patches/series/24etch1
Modified: dists/etch-security/linux-2.6/debian/changelog
==============================================================================
--- dists/etch-security/linux-2.6/debian/changelog Wed Apr 29 07:09:13 2009 (r13519)
+++ dists/etch-security/linux-2.6/debian/changelog Wed Apr 29 07:27:40 2009 (r13520)
@@ -1,4 +1,4 @@
-linux-2.6 (2.6.18.dfsg.1-24etch1) UNRELEASED; urgency=high
+linux-2.6 (2.6.18.dfsg.1-24etch1) oldstable-security; urgency=high
* Fix buffer underflow in the ib700wdt watchdog driver:
- bugfix/all/watchdog-ib700wdt-buffer_underflow.patch
@@ -56,8 +56,13 @@
* agp: zero pages before sending to userspace
- bugfix/all/agp-zero-pages-before-sending-to-userspace.patch
See CVE-2009-1192
+ * cifs: Fix memory overwrite when saving nativeFileSystem field during mount
+ - bugfix/all/cifs-fix-memory-overwrite-when-saving-nativeFileSystem-field-during-mount.patch
+ - bugfix/all/cifs-fix-buffer-size-for-tcon-nativeFileSystem-field.patch
+ - bugfix/all/cifs-remove-unneeded-bcc_ptr-update-in-CIFSTCon.patch
+ See CVE-2009-1439
- -- dann frazier <dannf at debian.org> Tue, 24 Feb 2009 23:49:22 -0700
+ -- dann frazier <dannf at debian.org> Wed, 29 Apr 2009 01:26:38 -0600
linux-2.6 (2.6.18.dfsg.1-24) stable; urgency=high
Copied and modified: dists/etch-security/linux-2.6/debian/patches/bugfix/all/cifs-fix-buffer-size-for-tcon-nativeFileSystem-field.patch (from r13519, dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/cifs-fix-buffer-size-for-tcon-nativeFileSystem-field.patch)
==============================================================================
--- dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/cifs-fix-buffer-size-for-tcon-nativeFileSystem-field.patch Wed Apr 29 07:09:13 2009 (r13519, copy source)
+++ dists/etch-security/linux-2.6/debian/patches/bugfix/all/cifs-fix-buffer-size-for-tcon-nativeFileSystem-field.patch Wed Apr 29 07:27:40 2009 (r13520)
@@ -16,27 +16,25 @@
Signed-off-by: Jeff Layton <jlayton at redhat.com>
Signed-off-by: Steve French <sfrench at us.ibm.com>
-Adjusted to apply to Debian's 2.6.24 by dann frazier <dannf at debian.org>
+Adjusted to apply to Debian's 2.6.18 by dann frazier <dannf at debian.org>
-diff -urpN linux-source-2.6.24.orig/fs/cifs/connect.c linux-source-2.6.24/fs/cifs/connect.c
---- linux-source-2.6.24.orig/fs/cifs/connect.c 2009-04-29 00:57:48.000000000 -0600
-+++ linux-source-2.6.24/fs/cifs/connect.c 2009-04-29 00:59:27.000000000 -0600
-@@ -3421,16 +3421,13 @@ CIFSTCon(unsigned int xid, struct cifsSe
+diff -urpN linux-source-2.6.18.orig/fs/cifs/connect.c linux-source-2.6.18/fs/cifs/connect.c
+--- linux-source-2.6.18.orig/fs/cifs/connect.c 2009-04-29 01:20:52.000000000 -0600
++++ linux-source-2.6.18/fs/cifs/connect.c 2009-04-29 01:22:47.000000000 -0600
+@@ -3151,14 +3151,11 @@ CIFSTCon(unsigned int xid, struct cifsSe
BCC(smb_buffer_response)) {
kfree(tcon->nativeFileSystem);
tcon->nativeFileSystem =
- kzalloc(2*(length + 1), GFP_KERNEL);
+ kzalloc((4 * length) + 2, GFP_KERNEL);
- if (tcon->nativeFileSystem)
- cifs_strfromUCS_le(
- tcon->nativeFileSystem,
- (__le16 *) bcc_ptr,
- length, nls_codepage);
+ cifs_strfromUCS_le(tcon->nativeFileSystem,
+ (__le16 *) bcc_ptr,
+ length, nls_codepage);
- bcc_ptr += 2 * length;
- bcc_ptr[0] = 0; /* null terminate the string */
- bcc_ptr[1] = 0;
- bcc_ptr += 2;
+ bcc_ptr += (2 * length) + 2;
}
- /* else do not bother copying these information fields*/
+ /* else do not bother copying these informational fields */
} else {
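Review bot: In the 2.6.18 context of the inner hunk, the result of `kzalloc((4 * length) + 2, GFP_KERNEL)` is passed straight to `cifs_strfromUCS_le()` with no NULL check; the `if (tcon->nativeFileSystem)` guard that the 2.6.24 version of this patch carried is gone from the rebased context. Since this series already touches the allocation, consider carrying the guard into the 2.6.18 backport so that a failed allocation during tree connect does not end in a conversion into a NULL destination, or state in the patch header that the guard is left out on purpose.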
Copied and modified: dists/etch-security/linux-2.6/debian/patches/bugfix/all/cifs-fix-memory-overwrite-when-saving-nativeFileSystem-field-during-mount.patch (from r13519, dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/cifs-fix-memory-overwrite-when-saving-nativeFileSystem-field-during-mount.patch)
==============================================================================
--- dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/cifs-fix-memory-overwrite-when-saving-nativeFileSystem-field-during-mount.patch Wed Apr 29 07:09:13 2009 (r13519, copy source)
+++ dists/etch-security/linux-2.6/debian/patches/bugfix/all/cifs-fix-memory-overwrite-when-saving-nativeFileSystem-field-during-mount.patch Wed Apr 29 07:27:40 2009 (r13520)
@@ -13,17 +13,17 @@
CC: Stable <stable at kernel.org>
Signed-off-by: Steve French <sfrench at us.ibm.com>
-Adjusted to apply to Debian's 2.6.24 by dann frazier <dannf at debian.org>
+Backported to Debian's 2.6.18 by dann frazier <dannf at debian.org>
-diff -urpN linux-source-2.6.24.orig/fs/cifs/connect.c linux-source-2.6.24/fs/cifs/connect.c
---- linux-source-2.6.24.orig/fs/cifs/connect.c 2008-01-24 15:58:37.000000000 -0700
-+++ linux-source-2.6.24/fs/cifs/connect.c 2009-04-29 00:57:48.000000000 -0600
-@@ -3421,7 +3421,7 @@ CIFSTCon(unsigned int xid, struct cifsSe
+diff -urpN linux-source-2.6.18.orig/fs/cifs/connect.c linux-source-2.6.18/fs/cifs/connect.c
+--- linux-source-2.6.18.orig/fs/cifs/connect.c 2008-12-25 14:04:13.000000000 -0700
++++ linux-source-2.6.18/fs/cifs/connect.c 2009-04-29 01:20:52.000000000 -0600
+@@ -3151,7 +3151,7 @@ CIFSTCon(unsigned int xid, struct cifsSe
BCC(smb_buffer_response)) {
kfree(tcon->nativeFileSystem);
tcon->nativeFileSystem =
- kzalloc(length + 2, GFP_KERNEL);
+ kzalloc(2*(length + 1), GFP_KERNEL);
- if (tcon->nativeFileSystem)
- cifs_strfromUCS_le(
- tcon->nativeFileSystem,
+ cifs_strfromUCS_le(tcon->nativeFileSystem,
+ (__le16 *) bcc_ptr,
+ length, nls_codepage);
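Review bot: The allocation at `kzalloc(2*(length + 1), GFP_KERNEL)` in this patch is only an intermediate size: cifs-fix-buffer-size-for-tcon-nativeFileSystem-field.patch in the same commit replaces it with `(4 * length) + 2`, and that patch's inner hunk only applies on top of this one. Please record the dependency in the patch header, so that nobody picks this file alone into another branch and ships the smaller buffer.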
Copied and modified: dists/etch-security/linux-2.6/debian/patches/bugfix/all/cifs-remove-unneeded-bcc_ptr-update-in-CIFSTCon.patch (from r13519, dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/cifs-remove-unneeded-bcc_ptr-update-in-CIFSTCon.patch)
==============================================================================
--- dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/cifs-remove-unneeded-bcc_ptr-update-in-CIFSTCon.patch Wed Apr 29 07:09:13 2009 (r13519, copy source)
+++ dists/etch-security/linux-2.6/debian/patches/bugfix/all/cifs-remove-unneeded-bcc_ptr-update-in-CIFSTCon.patch Wed Apr 29 07:27:40 2009 (r13520)
@@ -11,16 +11,16 @@
Signed-off-by: Jeff Layton <jlayton at redhat.com>
Signed-off-by: Steve French <sfrench at us.ibm.com>
-Backported to Debian's 2.6.24 by dann frazier <dannf at debian.org>
+Backported to Debian's 2.6.18 by dann frazier <dannf at debian.org>
-diff -urpN linux-source-2.6.24.orig/fs/cifs/connect.c linux-source-2.6.24/fs/cifs/connect.c
---- linux-source-2.6.24.orig/fs/cifs/connect.c 2009-04-29 00:59:27.000000000 -0600
-+++ linux-source-2.6.24/fs/cifs/connect.c 2009-04-29 01:00:34.000000000 -0600
-@@ -3427,7 +3427,6 @@ CIFSTCon(unsigned int xid, struct cifsSe
- tcon->nativeFileSystem,
- (__le16 *) bcc_ptr,
- length, nls_codepage);
+diff -urpN linux-source-2.6.18.orig/fs/cifs/connect.c linux-source-2.6.18/fs/cifs/connect.c
+--- linux-source-2.6.18.orig/fs/cifs/connect.c 2009-04-29 01:22:47.000000000 -0600
++++ linux-source-2.6.18/fs/cifs/connect.c 2009-04-29 01:23:59.000000000 -0600
+@@ -3155,7 +3155,6 @@ CIFSTCon(unsigned int xid, struct cifsSe
+ cifs_strfromUCS_le(tcon->nativeFileSystem,
+ (__le16 *) bcc_ptr,
+ length, nls_codepage);
- bcc_ptr += (2 * length) + 2;
}
- /* else do not bother copying these information fields*/
+ /* else do not bother copying these informational fields */
} else {
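Review bot: Dropping `bcc_ptr += (2 * length) + 2;` is only safe if nothing later in CIFSTCon() reads `bcc_ptr`, and the inner hunk now lands at line 3155 instead of 3427, so the surrounding function is not the same text the 2.6.24 patch was checked against. Please confirm against the 2.6.18 source that there is no later use of `bcc_ptr` in this function and mention that check next to the "Backported to Debian's 2.6.18" line in the header.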
Modified: dists/etch-security/linux-2.6/debian/patches/series/24etch1
==============================================================================
--- dists/etch-security/linux-2.6/debian/patches/series/24etch1 Wed Apr 29 07:09:13 2009 (r13519)
+++ dists/etch-security/linux-2.6/debian/patches/series/24etch1 Wed Apr 29 07:27:40 2009 (r13520)
@@ -78,3 +78,6 @@
+ bugfix/all/nfs-fix-oops-in-encode_lookup.patch
+ bugfix/all/exit_notify-kill-wrong-CAP_KILL-check.patch
+ bugfix/all/agp-zero-pages-before-sending-to-userspace.patch
++ bugfix/all/cifs-fix-memory-overwrite-when-saving-nativeFileSystem-field-during-mount.patch
++ bugfix/all/cifs-fix-buffer-size-for-tcon-nativeFileSystem-field.patch
++ bugfix/all/cifs-remove-unneeded-bcc_ptr-update-in-CIFSTCon.patch