[kernel] r15158 - in dists/etch-security/linux-2.6/debian: . patches/bugfix/all patches/series
Dann Frazier
dannf at alioth.debian.org
Tue Feb 16 01:52:20 UTC 2010
Author: dannf
Date: Tue Feb 16 01:52:17 2010
New Revision: 15158
Log:
NFSv4: Fix a problem whereby a buggy server can oops the kernel
(CVE-2009-3726)
Added:
dists/etch-security/linux-2.6/debian/patches/bugfix/all/nfsv4-buggy-server-oops.patch
Modified:
dists/etch-security/linux-2.6/debian/changelog
dists/etch-security/linux-2.6/debian/patches/series/26etch2
Modified: dists/etch-security/linux-2.6/debian/changelog
==============================================================================
--- dists/etch-security/linux-2.6/debian/changelog Tue Feb 16 01:33:25 2010 (r15157)
+++ dists/etch-security/linux-2.6/debian/changelog Tue Feb 16 01:52:17 2010 (r15158)
@@ -1,6 +1,8 @@
linux-2.6 (2.6.18.dfsg.1-26etch2) UNRELEASED; urgency=low
* [SCSI] gdth: Prevent negative offsets in ioctl (CVE-2009-3080)
+ * NFSv4: Fix a problem whereby a buggy server can oops the kernel
+ (CVE-2009-3726)
-- dann frazier <dannf at debian.org> Mon, 15 Feb 2010 18:32:14 -0700
Added: dists/etch-security/linux-2.6/debian/patches/bugfix/all/nfsv4-buggy-server-oops.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/etch-security/linux-2.6/debian/patches/bugfix/all/nfsv4-buggy-server-oops.patch Tue Feb 16 01:52:17 2010 (r15158)
@@ -0,0 +1,61 @@
+commit 6d05a5e558374688ae02649af4e9e66113a982e8
+Author: dann frazier <dannf at hp.com>
+Date: Mon Feb 15 18:44:49 2010 -0700
+
+ [Adjusted to apply to Debian's 2.6.18]
+ commit d953126a28f97ec965d23c69fd5795854c048f30
+ Author: Trond Myklebust <Trond.Myklebust at netapp.com>
+ Date: Tue Jul 21 19:22:38 2009 -0400
+
+ NFSv4: Fix a problem whereby a buggy server can oops the kernel
+
+diff --git a/fs/nfs/dir.c b/fs/nfs/dir.c
+index c63c297..6b52ffd 100644
+--- a/fs/nfs/dir.c
++++ b/fs/nfs/dir.c
+@@ -1015,12 +1015,12 @@ static struct dentry *nfs_atomic_lookup(struct inode *dir, struct dentry *dentry
+ res = NULL;
+ goto out;
+ /* This turned out not to be a regular file */
+- case -EISDIR:
+ case -ENOTDIR:
+ goto no_open;
+ case -ELOOP:
+ if (!(nd->intent.open.flags & O_NOFOLLOW))
+ goto no_open;
++ /* case -EISDIR: */
+ /* case -EINVAL: */
+ default:
+ goto out;
+diff --git a/fs/nfs/nfs4proc.c b/fs/nfs/nfs4proc.c
+index c18f10f..b29f33b 100644
+--- a/fs/nfs/nfs4proc.c
++++ b/fs/nfs/nfs4proc.c
+@@ -3583,15 +3583,23 @@ nfs4_proc_lock(struct file *filp, int cmd, struct file_lock *request)
+ if (request->fl_start < 0 || request->fl_end < 0)
+ return -EINVAL;
+
+- if (IS_GETLK(cmd))
+- return nfs4_proc_getlk(state, F_GETLK, request);
++ if (IS_GETLK(cmd)) {
++ if (state != NULL)
++ return nfs4_proc_getlk(state, F_GETLK, request);
++ return 0;
++ }
+
+ if (!(IS_SETLK(cmd) || IS_SETLKW(cmd)))
+ return -EINVAL;
+
+- if (request->fl_type == F_UNLCK)
+- return nfs4_proc_unlck(state, cmd, request);
++ if (request->fl_type == F_UNLCK) {
++ if (state != NULL)
++ return nfs4_proc_unlck(state, cmd, request);
++ return 0;
++ }
+
++ if (state == NULL)
++ return -ENOLCK;
+ do {
+ status = nfs4_proc_setlk(state, cmd, request);
+ if ((status != -EAGAIN) || IS_SETLK(cmd))
Modified: dists/etch-security/linux-2.6/debian/patches/series/26etch2
==============================================================================
--- dists/etch-security/linux-2.6/debian/patches/series/26etch2 Tue Feb 16 01:33:25 2010 (r15157)
+++ dists/etch-security/linux-2.6/debian/patches/series/26etch2 Tue Feb 16 01:52:17 2010 (r15158)
@@ -1 +1,2 @@
+ bugfix/all/gdth-prevent-negative-offsets-in-ioctl.patch
++ bugfix/all/nfsv4-buggy-server-oops.patch
More information about the Kernel-svn-changes
mailing list