Author: dannf
Date: Wed Nov 4 21:27:45 2009
New Revision: 14556
Log:
NFSv4: move iattr & verf attributes of struct nfsd4_open out of the
union (CVE-2009-3286)
Added:
dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/nfsd4-de-union-iattr-and-verf.patch
- copied unchanged from r14544, dists/lenny-security/linux-2.6/debian/patches/bugfix/all/nfsd4-de-union-iattr-and-verf.patch
Modified:
dists/etch-security/linux-2.6.24/debian/changelog
dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.8etch4
Modified: dists/etch-security/linux-2.6.24/debian/changelog
==============================================================================
--- dists/etch-security/linux-2.6.24/debian/changelog Wed Nov 4 21:25:52 2009 (r14555)
+++ dists/etch-security/linux-2.6.24/debian/changelog Wed Nov 4 21:27:45 2009 (r14556)
@@ -24,6 +24,8 @@
getname functions (CVE-2009-3002)
* tc: Fix uninitialized kernel memory leak (CVE-2009-3228)
* random: make get_random_int() more random (CVE-2009-3238)
+ * NFSv4: move iattr & verf attributes of struct nfsd4_open out of the
+ union (CVE-2009-3286)
-- dann frazier <dannf at debian.org> Tue, 27 Oct 2009 22:41:25 -0600
Copied: dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/nfsd4-de-union-iattr-and-verf.patch (from r14544, dists/lenny-security/linux-2.6/debian/patches/bugfix/all/nfsd4-de-union-iattr-and-verf.patch)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/nfsd4-de-union-iattr-and-verf.patch Wed Nov 4 21:27:45 2009 (r14556, copy of r14544, dists/lenny-security/linux-2.6/debian/patches/bugfix/all/nfsd4-de-union-iattr-and-verf.patch)
@@ -0,0 +1,29 @@
+un-union iattr & verf, from 79fb54abd285b442e1f30f851902f3ddf58e7704
+
+diff -urpN linux-source-2.6.26.orig/include/linux/nfsd/xdr4.h linux-source-2.6.26/include/linux/nfsd/xdr4.h
+--- linux-source-2.6.26.orig/include/linux/nfsd/xdr4.h 2008-07-13 15:51:29.000000000 -0600
++++ linux-source-2.6.26/include/linux/nfsd/xdr4.h 2009-10-15 23:55:47.000000000 -0600
+@@ -207,10 +207,8 @@ struct nfsd4_open {
+ u32 op_create; /* request */
+ u32 op_createmode; /* request */
+ u32 op_bmval[2]; /* request */
+- union { /* request */
+- struct iattr iattr; /* UNCHECKED4,GUARDED4 */
+- nfs4_verifier verf; /* EXCLUSIVE4 */
+- } u;
++ struct iattr iattr; /* UNCHECKED4, GUARDED4, EXCLUSIVE4_1 */
++ nfs4_verifier verf; /* EXCLUSIVE4 */
+ clientid_t op_clientid; /* request */
+ struct xdr_netobj op_owner; /* request */
+ u32 op_seqid; /* request */
+@@ -224,8 +222,8 @@ struct nfsd4_open {
+ struct nfs4_stateowner *op_stateowner; /* used during processing */
+ struct nfs4_acl *op_acl;
+ };
+-#define op_iattr u.iattr
+-#define op_verf u.verf
++#define op_iattr iattr
++#define op_verf verf
+
+ struct nfsd4_open_confirm {
+ stateid_t oc_req_stateid /* request */;
Modified: dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.8etch4
==============================================================================
--- dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.8etch4 Wed Nov 4 21:25:52 2009 (r14555)
+++ dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.8etch4 Wed Nov 4 21:27:45 2009 (r14556)
@@ -20,3 +20,4 @@
+ bugfix/all/netrom-fix-nr_getname-leak.patch
+ bugfix/all/tc-fix-pad-leak.patch
+ bugfix/all/random-make-get_random_int-more-random.patch
++ bugfix/all/nfsd4-de-union-iattr-and-verf.patch