[kernel] r15076 - in dists/etch-security/linux-2.6.24/debian: . patches/bugfix/all patches/series
Dann Frazier
dannf at alioth.debian.org
Mon Feb 1 04:36:51 UTC 2010
Author: dannf
Date: Mon Feb 1 04:36:49 2010
New Revision: 15076
Log:
fuse: prevent fuse_put_request on invalid pointer (CVE-2009-4021)
Added:
dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/fuse-prevent-fuse_put_request-on-invalid-pointer.patch
- copied unchanged from r15068, dists/lenny-security/linux-2.6/debian/patches/bugfix/all/fuse-prevent-fuse_put_request-on-invalid-pointer.patch
Modified:
dists/etch-security/linux-2.6.24/debian/changelog
dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.9etch2
Modified: dists/etch-security/linux-2.6.24/debian/changelog
==============================================================================
--- dists/etch-security/linux-2.6.24/debian/changelog Mon Feb 1 04:34:34 2010 (r15075)
+++ dists/etch-security/linux-2.6.24/debian/changelog Mon Feb 1 04:36:49 2010 (r15076)
@@ -11,6 +11,7 @@
(CVE-2009-3889)
* isdn: hfc_usb: Fix read buffer overflow (CVE-2009-4005)
* hfs: fix a potential buffer overflow (CVE-2009-4020)
+ * fuse: prevent fuse_put_request on invalid pointer (CVE-2009-4021)
-- dann frazier <dannf at debian.org> Sun, 31 Jan 2010 17:17:52 -0700
Copied: dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/fuse-prevent-fuse_put_request-on-invalid-pointer.patch (from r15068, dists/lenny-security/linux-2.6/debian/patches/bugfix/all/fuse-prevent-fuse_put_request-on-invalid-pointer.patch)
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/etch-security/linux-2.6.24/debian/patches/bugfix/all/fuse-prevent-fuse_put_request-on-invalid-pointer.patch Mon Feb 1 04:36:49 2010 (r15076, copy of r15068, dists/lenny-security/linux-2.6/debian/patches/bugfix/all/fuse-prevent-fuse_put_request-on-invalid-pointer.patch)
@@ -0,0 +1,29 @@
+commit f60311d5f7670d9539b424e4ed8b5c0872fc9e83
+Author: Anand V. Avati <avati at gluster.com>
+Date: Thu Oct 22 06:24:52 2009 -0700
+
+ fuse: prevent fuse_put_request on invalid pointer
+
+ fuse_direct_io() has a loop where requests are allocated in each
+ iteration. if allocation fails, the loop is broken out and follows
+ into an unconditional fuse_put_request() on that invalid pointer.
+
+ Signed-off-by: Anand V. Avati <avati at gluster.com>
+ Signed-off-by: Miklos Szeredi <mszeredi at suse.cz>
+ Cc: stable at kernel.org
+
+Adjusted to apply to Debian's 2.6.26 by dann frazier <dannf at debian.org>
+
+diff -urpN linux-source-2.6.26.orig/fs/fuse/file.c linux-source-2.6.26/fs/fuse/file.c
+--- linux-source-2.6.26.orig/fs/fuse/file.c 2008-07-13 15:51:29.000000000 -0600
++++ linux-source-2.6.26/fs/fuse/file.c 2009-11-25 12:29:51.000000000 -0700
+@@ -1005,7 +1005,8 @@ static ssize_t fuse_direct_io(struct fil
+ break;
+ }
+ }
+- fuse_put_request(fc, req);
++ if (!IS_ERR(req))
++ fuse_put_request(fc, req);
+ if (res > 0) {
+ if (write)
+ fuse_write_update_size(inode, pos);
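Review bot: The patch header still reads "Adjusted to apply to Debian's 2.6.26" and the embedded diff uses `linux-source-2.6.26` paths, but this file is being added to the etch-security linux-2.6.24 tree as an unchanged copy of the lenny patch. Please confirm that the `@@ -1005,7 +1005,8 @@` hunk applies to 2.6.24's fs/fuse/file.c without fuzz or a large offset, and record that check in the header so the provenance matches the tree. On the fix itself, `if (!IS_ERR(req))` guards only the error-pointer case described in the commit message; the three context lines shown do not reveal how each `break` in the loop leaves `req`, so it is worth checking in the 2.6.24 source that `req` is always either a live request or an ERR_PTR value when control reaches this line.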
Modified: dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.9etch2
==============================================================================
--- dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.9etch2 Mon Feb 1 04:34:34 2010 (r15075)
+++ dists/etch-security/linux-2.6.24/debian/patches/series/6~etchnhalf.9etch2 Mon Feb 1 04:36:49 2010 (r15076)
@@ -10,3 +10,4 @@
+ bugfix/all/megaraid_sas-fix-sysfs-dbg_lvl-permissions.patch
+ bugfix/all/isdn-hfc_usb-fix-read-buffer-overflow.patch
+ bugfix/all/hfs-fix-a-potential-buffer-overflow.patch
++ bugfix/all/fuse-prevent-fuse_put_request-on-invalid-pointer.patch