[kernel] r14141 - in dists/lenny/linux-2.6/debian: . patches/bugfix/all patches/series

Dann Frazier dannf at alioth.debian.org
Wed Aug 19 04:47:46 UTC 2009 

Author: dannf
Date: Wed Aug 19 04:47:44 2009
New Revision: 14141

Log:
md: avoid dereferencing NULL pointer when accessing suspend_* sysfs
attributes (CVE-2009-2849)

Added:
   dists/lenny/linux-2.6/debian/patches/bugfix/all/md-avoid-NULL-deref-with-suspend-sysfs-attribs.patch
Modified:
   dists/lenny/linux-2.6/debian/changelog
   dists/lenny/linux-2.6/debian/patches/series/19

Modified: dists/lenny/linux-2.6/debian/changelog
==============================================================================
--- dists/lenny/linux-2.6/debian/changelog	Wed Aug 19 04:41:16 2009	(r14140)
+++ dists/lenny/linux-2.6/debian/changelog	Wed Aug 19 04:47:44 2009	(r14141)
@@ -1,4 +1,4 @@
-linux-2.6 (2.6.26-19) UNRELEASED; urgency=high
+linux-2.6 (2.6.26-19) stable; urgency=high
 
   [ Moritz Muehlenhoff ]
   * Input: ALPS - add signature for Toshiba Satellite Pro M10
@@ -10,8 +10,10 @@
   * do_sigaltstack: avoid copying 'stack_t' as a structure to user space
     (CVE-2009-2847)
   * execve: must clear current->clear_child_tid (CVE-2009-2848)
+  * md: avoid dereferencing NULL pointer when accessing suspend_* sysfs
+    attributes (CVE-2009-2849)
 
- -- Moritz Muehlenhoff <jmm at debian.org>  Wed, 05 Aug 2009 22:18:12 +0200
+ -- dann frazier <dannf at debian.org>  Tue, 18 Aug 2009 22:45:27 -0600
 
 linux-2.6 (2.6.26-18) stable; urgency=high
 

Added: dists/lenny/linux-2.6/debian/patches/bugfix/all/md-avoid-NULL-deref-with-suspend-sysfs-attribs.patch
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ dists/lenny/linux-2.6/debian/patches/bugfix/all/md-avoid-NULL-deref-with-suspend-sysfs-attribs.patch	Wed Aug 19 04:47:44 2009	(r14141)
@@ -0,0 +1,39 @@
+commit b8d966efd9a46a9a35beac50cbff6e30565125ef
+Author: NeilBrown <neilb at suse.de>
+Date:   Wed Jul 1 11:14:04 2009 +1000
+
+    md: avoid dereferencing NULL pointer when accessing suspend_* sysfs attributes.
+    
+    If we try to modify one of the md/ sysfs files
+      suspend_lo or suspend_hi
+    when the array is not active, we dereference a NULL.
+    Protect against that.
+    
+    Cc: stable at kernel.org
+    Signed-off-by: NeilBrown <neilb at suse.de>
+
+Adjusted to apply to Debian's 2.6.26 by dann frazier <dannf at debian.org>
+
+diff -urpN linux-source-2.6.26.orig/drivers/md/md.c linux-source-2.6.26/drivers/md/md.c
+--- linux-source-2.6.26.orig/drivers/md/md.c	2009-06-19 23:16:56.000000000 -0600
++++ linux-source-2.6.26/drivers/md/md.c	2009-08-18 22:42:48.000000000 -0600
+@@ -3123,7 +3123,8 @@ suspend_lo_store(mddev_t *mddev, const c
+ 	char *e;
+ 	unsigned long long new = simple_strtoull(buf, &e, 10);
+ 
+-	if (mddev->pers->quiesce == NULL)
++	if (mddev->pers == NULL ||
++	    mddev->pers->quiesce == NULL)
+ 		return -EINVAL;
+ 	if (buf == e || (*e && *e != '\n'))
+ 		return -EINVAL;
+@@ -3151,7 +3152,8 @@ suspend_hi_store(mddev_t *mddev, const c
+ 	char *e;
+ 	unsigned long long new = simple_strtoull(buf, &e, 10);
+ 
+-	if (mddev->pers->quiesce == NULL)
++	if (mddev->pers == NULL || 
++	    mddev->pers->quiesce == NULL)
+ 		return -EINVAL;
+ 	if (buf == e || (*e && *e != '\n'))
+ 		return -EINVAL;

Modified: dists/lenny/linux-2.6/debian/patches/series/19
==============================================================================
--- dists/lenny/linux-2.6/debian/patches/series/19	Wed Aug 19 04:41:16 2009	(r14140)
+++ dists/lenny/linux-2.6/debian/patches/series/19	Wed Aug 19 04:47:44 2009	(r14141)
@@ -1 +1,2 @@
 + bugfix/all/execve-must-clear-current-clear_child_tid.patch
++ bugfix/all/md-avoid-NULL-deref-with-suspend-sysfs-attribs.patch

More information about the Kernel-svn-changes mailing list