[kernel] r13033 - in dists/lenny-security/linux-2.6/debian: . patches/bugfix/all patches/series

[Dann Frazier]

Author: dannf
Date: Sun Mar  8 20:42:40 2009
New Revision: 13033

Log:
ext4: initialize the new group descriptor when resizing
(CVE-2009-0745)

Added:
   dists/lenny-security/linux-2.6/debian/patches/bugfix/all/ext4-initialize-the-new-group-descriptor-when-resizing-the-filesystem.patch
Modified:
   dists/lenny-security/linux-2.6/debian/changelog
   dists/lenny-security/linux-2.6/debian/patches/series/13lenny2

Modified: dists/lenny-security/linux-2.6/debian/changelog
==============================================================================
--- dists/lenny-security/linux-2.6/debian/changelog	(original)
+++ dists/lenny-security/linux-2.6/debian/changelog	Sun Mar  8 20:42:40 2009
@@ -2,8 +2,10 @@
 
   * Additional mips fixes for CVE-2009-0029.
   * skfp: Fix inverted capabilities check logic (CVE-2009-0675)
+  * ext4: initialize the new group descriptor when resizing
+    (CVE-2009-0745)
 
- -- dann frazier <dannf at debian.org>  Sun, 08 Mar 2009 14:06:42 -0600
+ -- dann frazier <dannf at debian.org>  Sun, 08 Mar 2009 14:34:53 -0600
 
 linux-2.6 (2.6.26-13lenny1) stable-security; urgency=high
 

Added: dists/lenny-security/linux-2.6/debian/patches/bugfix/all/ext4-initialize-the-new-group-descriptor-when-resizing-the-filesystem.patch
==============================================================================
--- (empty file)
+++ dists/lenny-security/linux-2.6/debian/patches/bugfix/all/ext4-initialize-the-new-group-descriptor-when-resizing-the-filesystem.patch	Sun Mar  8 20:42:40 2009
@@ -0,0 +1,42 @@
+From tytso at mit.edu  Wed Feb 18 11:14:37 2009
+From: "Theodore Ts'o" <tytso at mit.edu>
+Date: Tue, 17 Feb 2009 10:58:44 -0500
+Subject: ext4: Initialize the new group descriptor when resizing the filesystem
+To: stable at kernel.org
+Cc: linux-ext4 at vger.kernel.org, "Theodore Ts'o" <tytso at mit.edu>
+Message-ID: <1234886324-15105-25-git-send-email-tytso at mit.edu>
+
+From: "Theodore Ts'o" <tytso at mit.edu>
+
+(cherry picked from commit fdff73f094e7220602cc3f8959c7230517976412)
+
+Make sure all of the fields of the group descriptor are properly
+initialized.  Previously, we allowed bg_flags field to be contain
+random garbage, which could trigger non-deterministic behavior,
+including a kernel OOPS.
+
+http://bugzilla.kernel.org/show_bug.cgi?id=12433
+
+Signed-off-by: "Theodore Ts'o" <tytso at mit.edu>
+Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>
+
+---
+ fs/ext4/resize.c |    2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/fs/ext4/resize.c
++++ b/fs/ext4/resize.c
+@@ -860,11 +860,13 @@ int ext4_group_add(struct super_block *s
+ 	gdp = (struct ext4_group_desc *)((char *)primary->b_data +
+ 					 gdb_off * EXT4_DESC_SIZE(sb));
+ 
++	memset(gdp, 0, EXT4_DESC_SIZE(sb));
+ 	ext4_block_bitmap_set(sb, gdp, input->block_bitmap); /* LV FIXME */
+ 	ext4_inode_bitmap_set(sb, gdp, input->inode_bitmap); /* LV FIXME */
+ 	ext4_inode_table_set(sb, gdp, input->inode_table); /* LV FIXME */
+ 	gdp->bg_free_blocks_count = cpu_to_le16(input->free_blocks_count);
+ 	gdp->bg_free_inodes_count = cpu_to_le16(EXT4_INODES_PER_GROUP(sb));
++	gdp->bg_flags = cpu_to_le16(EXT4_BG_INODE_ZEROED);
+ 	gdp->bg_checksum = ext4_group_desc_csum(sbi, input->group, gdp);
+ 
+ 	/*

Modified: dists/lenny-security/linux-2.6/debian/patches/series/13lenny2
==============================================================================
--- dists/lenny-security/linux-2.6/debian/patches/series/13lenny2	(original)
+++ dists/lenny-security/linux-2.6/debian/patches/series/13lenny2	Sun Mar  8 20:42:40 2009
@@ -3,3 +3,4 @@
 + bugfix/all/CVE-2009-0029/mips-rename-sys_pipe.patch
 + bugfix/all/CVE-2009-0029/mips-enable-syscall-wrappers.patch
 + bugfix/all/skfp-fix-inverted-cap-logic.patch
++ bugfix/all/ext4-initialize-the-new-group-descriptor-when-resizing-the-filesystem.patch