[kernel] r13035 - in dists/lenny-security/linux-2.6/debian: . patches/bugfix/all patches/series
Dann Frazier
dannf at alioth.debian.org
Sun Mar 8 20:53:45 UTC 2009
Author: dannf
Date: Sun Mar 8 20:53:44 2009
New Revision: 13035
Log:
ext4: only use i_size_high for regular files (CVE-2009-0747)
Added:
dists/lenny-security/linux-2.6/debian/patches/bugfix/all/ext4-only-use-i_size_high-for-regular-files.patch
Modified:
dists/lenny-security/linux-2.6/debian/changelog
dists/lenny-security/linux-2.6/debian/patches/series/13lenny2
Modified: dists/lenny-security/linux-2.6/debian/changelog
==============================================================================
--- dists/lenny-security/linux-2.6/debian/changelog (original)
+++ dists/lenny-security/linux-2.6/debian/changelog Sun Mar 8 20:53:44 2009
@@ -5,8 +5,9 @@
* ext4: initialize the new group descriptor when resizing
(CVE-2009-0745)
* ext4: Add sanity check to make_indexed_dir (CVE-2009-0746)
+ * ext4: only use i_size_high for regular files (CVE-2009-0747)
- -- dann frazier <dannf at debian.org> Sun, 08 Mar 2009 14:43:08 -0600
+ -- dann frazier <dannf at debian.org> Sun, 08 Mar 2009 14:51:51 -0600
linux-2.6 (2.6.26-13lenny1) stable-security; urgency=high
Added: dists/lenny-security/linux-2.6/debian/patches/bugfix/all/ext4-only-use-i_size_high-for-regular-files.patch
==============================================================================
--- (empty file)
+++ dists/lenny-security/linux-2.6/debian/patches/bugfix/all/ext4-only-use-i_size_high-for-regular-files.patch Sun Mar 8 20:53:44 2009
@@ -0,0 +1,59 @@
+commit 06a279d636734da32bb62dd2f7b0ade666f65d7c
+Author: Theodore Ts'o <tytso at mit.edu>
+Date: Sat Jan 17 18:41:37 2009 -0500
+
+ ext4: only use i_size_high for regular files
+
+ Directories are not allowed to be bigger than 2GB, so don't use
+ i_size_high for anything other than regular files. E2fsck should
+ complain about these inodes, but the simplest thing to do for the
+ kernel is to only use i_size_high for regular files.
+
+ This prevents an intentially corrupted filesystem from causing the
+ kernel to burn a huge amount of CPU and issuing error messages such
+ as:
+
+ EXT4-fs warning (device loop0): ext4_block_to_path: block 135090028 > max
+
+ Thanks to David Maciejak from Fortinet's FortiGuard Global Security
+ Research Team for reporting this issue.
+
+ http://bugzilla.kernel.org/show_bug.cgi?id=12375
+
+ Signed-off-by: "Theodore Ts'o" <tytso at mit.edu>
+ Cc: stable at kernel.org
+
+Adjusted to apply to Debian's 2.6.26 by dann frazier <dannf at debian.org>
+
+diff -urpN linux-source-2.6.26.orig/fs/ext4/ext4.h linux-source-2.6.26/fs/ext4/ext4.h
+--- linux-source-2.6.26.orig/fs/ext4/ext4.h 2009-02-07 16:43:11.000000000 -0700
++++ linux-source-2.6.26/fs/ext4/ext4.h 2009-03-08 14:49:23.000000000 -0600
+@@ -1139,8 +1139,11 @@ static inline void ext4_r_blocks_count_s
+
+ static inline loff_t ext4_isize(struct ext4_inode *raw_inode)
+ {
+- return ((loff_t)le32_to_cpu(raw_inode->i_size_high) << 32) |
+- le32_to_cpu(raw_inode->i_size_lo);
++ if (S_ISREG(le16_to_cpu(raw_inode->i_mode)))
++ return ((loff_t)le32_to_cpu(raw_inode->i_size_high) << 32) |
++ le32_to_cpu(raw_inode->i_size_lo);
++ else
++ return (loff_t) le32_to_cpu(raw_inode->i_size_lo);
+ }
+
+ static inline void ext4_isize_set(struct ext4_inode *raw_inode, loff_t i_size)
+diff -urpN linux-source-2.6.26.orig/fs/ext4/inode.c linux-source-2.6.26/fs/ext4/inode.c
+--- linux-source-2.6.26.orig/fs/ext4/inode.c 2008-07-13 15:51:29.000000000 -0600
++++ linux-source-2.6.26/fs/ext4/inode.c 2009-03-08 14:49:23.000000000 -0600
+@@ -308,9 +308,9 @@ static int ext4_block_to_path(struct ino
+ final = ptrs;
+ } else {
+ ext4_warning(inode->i_sb, "ext4_block_to_path",
+- "block %lu > max",
++ "block %lu > max in inode %lu",
+ i_block + direct_blocks +
+- indirect_blocks + double_blocks);
++ indirect_blocks + double_blocks, inode->i_ino);
+ }
+ if (boundary)
+ *boundary = final - 1 - (i_block & (ptrs - 1));
Modified: dists/lenny-security/linux-2.6/debian/patches/series/13lenny2
==============================================================================
--- dists/lenny-security/linux-2.6/debian/patches/series/13lenny2 (original)
+++ dists/lenny-security/linux-2.6/debian/patches/series/13lenny2 Sun Mar 8 20:53:44 2009
@@ -5,3 +5,4 @@
+ bugfix/all/skfp-fix-inverted-cap-logic.patch
+ bugfix/all/ext4-initialize-the-new-group-descriptor-when-resizing-the-filesystem.patch
+ bugfix/all/ext4-add-sanity-check-to-make_indexed_dir.patch
++ bugfix/all/ext4-only-use-i_size_high-for-regular-files.patch
More information about the Kernel-svn-changes
mailing list