[kernel] r14811 - in dists/lenny/linux-2.6/debian: . patches/bugfix/all patches/series

Thu Dec 24 08:18:22 UTC 2009

Author: dannf
Date: Thu Dec 24 08:18:19 2009
New Revision: 14811

Log:
ext4: Avoid null pointer dereference when decoding EROFS w/o a journal
(CVE-2009-4308)

Added:
   dists/lenny/linux-2.6/debian/patches/bugfix/all/ext4-avoid-null-pointer-deref-when-decoding-EROFS-wo-a-journal.patch
Modified:
   dists/lenny/linux-2.6/debian/changelog
   dists/lenny/linux-2.6/debian/patches/series/21

Modified: dists/lenny/linux-2.6/debian/changelog
==============================================================================

--- dists/lenny/linux-2.6/debian/changelog	Thu Dec 24 07:28:09 2009	(r14810)
+++ dists/lenny/linux-2.6/debian/changelog	Thu Dec 24 08:18:19 2009	(r14811)
@@ -36,6 +36,8 @@
   * KVM: x86 emulator: limit instructions to 15 bytes (CVE-2009-4031)
   * firewire: ohci: handle receive packets with a data length of zero
     (CVE-2009-4138)
+  * ext4: Avoid null pointer dereference when decoding EROFS w/o a journal
+    (CVE-2009-4308)
 
  -- Ben Hutchings <ben at decadent.org.uk>  Sat, 24 Oct 2009 23:45:45 +0100
 

Added: dists/lenny/linux-2.6/debian/patches/bugfix/all/ext4-avoid-null-pointer-deref-when-decoding-EROFS-wo-a-journal.patch
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ dists/lenny/linux-2.6/debian/patches/bugfix/all/ext4-avoid-null-pointer-deref-when-decoding-EROFS-wo-a-journal.patch	Thu Dec 24 08:18:19 2009	(r14811)
@@ -0,0 +1,26 @@
+commit 78f1ddbb498283c2445c11b0dfa666424c301803
+Author: Theodore Ts'o <tytso at mit.edu>
+Date:   Mon Jul 27 23:09:47 2009 -0400
+
+    ext4: Avoid null pointer dereference when decoding EROFS w/o a journal
+    
+    We need to check to make sure a journal is present before checking the
+    journal flags in ext4_decode_error().
+    
+    Signed-off-by: Eric Sesterhenn <eric.sesterhenn at lsexperts.de>
+    Signed-off-by: "Theodore Ts'o" <tytso at mit.edu>
+
+diff --git a/fs/ext4/super.c b/fs/ext4/super.c
+index 8f4f079..fe3f376 100644
+--- a/fs/ext4/super.c
++++ b/fs/ext4/super.c
+@@ -344,7 +344,8 @@ static const char *ext4_decode_error(struct super_block *sb, int errno,
+ 		errstr = "Out of memory";
+ 		break;
+ 	case -EROFS:
+-		if (!sb || EXT4_SB(sb)->s_journal->j_flags & JBD2_ABORT)
++		if (!sb || (EXT4_SB(sb)->s_journal &&
++			    EXT4_SB(sb)->s_journal->j_flags & JBD2_ABORT))
+ 			errstr = "Journal has aborted";
+ 		else
+ 			errstr = "Readonly filesystem";

Modified: dists/lenny/linux-2.6/debian/patches/series/21
==============================================================================
--- dists/lenny/linux-2.6/debian/patches/series/21	Thu Dec 24 07:28:09 2009	(r14810)
+++ dists/lenny/linux-2.6/debian/patches/series/21	Thu Dec 24 08:18:19 2009	(r14811)
@@ -40,3 +40,4 @@
 + bugfix/all/hfs-fix-a-potential-buffer-overflow.patch
 + bugfix/x86/kvm-limit-instructions-to-15-bytes.patch
 + bugfix/all/firewire-ohci-handle-receive-packets-with-a-data-length-of-zero.patch
++ bugfix/all/ext4-avoid-null-pointer-deref-when-decoding-EROFS-wo-a-journal.patch

