[kernel] r12740 - in dists/sid/linux-2.6/debian: . patches/bugfix/all patches/series

[Dann Frazier]

Author: dannf
Date: Tue Feb 10 04:41:55 2009
New Revision: 12740

Log:
eCryptfs: check readlink result for error before use (CVE-2009-0269)

Added:
   dists/sid/linux-2.6/debian/patches/bugfix/all/ecryptfs-check-readlink-result-before-use.patch
Modified:
   dists/sid/linux-2.6/debian/changelog
   dists/sid/linux-2.6/debian/patches/series/14

Modified: dists/sid/linux-2.6/debian/changelog
==============================================================================
--- dists/sid/linux-2.6/debian/changelog	(original)
+++ dists/sid/linux-2.6/debian/changelog	Tue Feb 10 04:41:55 2009
@@ -21,6 +21,7 @@
     (CVE-2009-0029)
   * Fix softlockups in sungem driver (Closes: #514624)
   * security: introduce missing kfree (CVE-2009-0031)
+  * eCryptfs: check readlink result for error before use (CVE-2009-0269)
 
   [ Martin Michlmayr ]
   * rt2x00: Fix VGC lower bound initialization. (Closes: #510607)
@@ -31,7 +32,7 @@
   * [sparc] Revert: Reintroduce dummy PCI host controller to workaround broken
     X.org. Not supportable and breaks to many things.
 
- -- dann frazier <dannf at debian.org>  Mon, 09 Feb 2009 21:32:48 -0700
+ -- dann frazier <dannf at debian.org>  Mon, 09 Feb 2009 21:39:16 -0700
 
 linux-2.6 (2.6.26-13) unstable; urgency=high
 

Added: dists/sid/linux-2.6/debian/patches/bugfix/all/ecryptfs-check-readlink-result-before-use.patch
==============================================================================
--- (empty file)
+++ dists/sid/linux-2.6/debian/patches/bugfix/all/ecryptfs-check-readlink-result-before-use.patch	Tue Feb 10 04:41:55 2009
@@ -0,0 +1,36 @@
+commit a17d5232de7b53d34229de79ec22f4bb04adb7e4
+Author: Duane Griffin <duaneg at dghda.com>
+Date:   Fri Dec 19 20:47:10 2008 +0000
+
+    eCryptfs: check readlink result was not an error before using it
+    
+    The result from readlink is being used to index into the link name
+    buffer without checking whether it is a valid length. If readlink
+    returns an error this will fault or cause memory corruption.
+    
+    Cc: Tyler Hicks <tyhicks at linux.vnet.ibm.com>
+    Cc: Dustin Kirkland <kirkland at canonical.com>
+    Cc: ecryptfs-devel at lists.launchpad.net
+    Signed-off-by: Duane Griffin <duaneg at dghda.com>
+    Acked-by: Michael Halcrow <mhalcrow at us.ibm.com>
+    Acked-by: Tyler Hicks <tyhicks at linux.vnet.ibm.com>
+    Signed-off-by: Al Viro <viro at zeniv.linux.org.uk>
+
+Adjusted to apply to Debian's 2.6.26 by dann frazier <dannf at debian.org>
+
+diff -urpN linux-source-2.6.26.orig/fs/ecryptfs/inode.c linux-source-2.6.26/fs/ecryptfs/inode.c
+--- linux-source-2.6.26.orig/fs/ecryptfs/inode.c	2008-07-13 15:51:29.000000000 -0600
++++ linux-source-2.6.26/fs/ecryptfs/inode.c	2009-02-09 21:38:06.000000000 -0700
+@@ -654,10 +654,11 @@ static void *ecryptfs_follow_link(struct
+ 	ecryptfs_printk(KERN_DEBUG, "Calling readlink w/ "
+ 			"dentry->d_name.name = [%s]\n", dentry->d_name.name);
+ 	rc = dentry->d_inode->i_op->readlink(dentry, (char __user *)buf, len);
+-	buf[rc] = '\0';
+ 	set_fs(old_fs);
+ 	if (rc < 0)
+ 		goto out_free;
++	else
++		buf[rc] = '\0';
+ 	rc = 0;
+ 	nd_set_link(nd, buf);
+ 	goto out;

Modified: dists/sid/linux-2.6/debian/patches/series/14
==============================================================================
--- dists/sid/linux-2.6/debian/patches/series/14	(original)
+++ dists/sid/linux-2.6/debian/patches/series/14	Tue Feb 10 04:41:55 2009
@@ -62,3 +62,4 @@
 + bugfix/x86/alsa-hda-add-support-for-toshiba-l305.patch
 + bugfix/sparc/sungem-soft-lockup-fix.patch
 + bugfix/all/security-keyctl-missing-kfree.patch
++ bugfix/all/ecryptfs-check-readlink-result-before-use.patch