[kernel] r16517 - in dists/sid/linux-2.6/debian: . patches/bugfix/all patches/series
Maximilian Attems
maks at alioth.debian.org
Sat Oct 30 15:37:11 UTC 2010
Author: maks
Date: Sat Oct 30 15:37:06 2010
New Revision: 16517
Log:
add ipc mem fix
didn't find cve, nor in linux-next yet, but v1 saw al's eyes.
Added:
dists/sid/linux-2.6/debian/patches/bugfix/all/ipc_initialize_structure_memory_to_zero.patch
dists/sid/linux-2.6/debian/patches/series/28
Modified:
dists/sid/linux-2.6/debian/changelog
Modified: dists/sid/linux-2.6/debian/changelog
==============================================================================
--- dists/sid/linux-2.6/debian/changelog Sat Oct 30 15:10:30 2010 (r16516)
+++ dists/sid/linux-2.6/debian/changelog Sat Oct 30 15:37:06 2010 (r16517)
@@ -1,3 +1,9 @@
+linux-2.6 (2.6.32-28) UNRELEASED; urgency=low
+
+ * ipc: initialize structure memory to zero for shmctl.
+
+ -- maximilian attems <maks at debian.org> Sat, 30 Oct 2010 14:14:37 +0200
+
linux-2.6 (2.6.32-27) unstable; urgency=high
* The "We'll Always Have Paris" release
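Review bot: The new 2.6.32-28 bullet does not say what the change fixes. "ipc: initialize structure memory to zero for shmctl" reads as a cleanup, while the patch description added in this same revision says the old shm interface leaks stack contents. Suggest wording the entry so the information leak is visible, for example "ipc: initialize structure memory to zero for shmctl (stack contents leak via the old shm interface)", and adding the CVE id to this line once one is assigned, since the commit log says none was found. It is also worth rechecking urgency=low against that description before upload.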
Added: dists/sid/linux-2.6/debian/patches/bugfix/all/ipc_initialize_structure_memory_to_zero.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/sid/linux-2.6/debian/patches/bugfix/all/ipc_initialize_structure_memory_to_zero.patch Sat Oct 30 15:37:06 2010 (r16517)
@@ -0,0 +1,44 @@
+From patchwork Thu Oct 7 02:18:36 2010
+Content-Type: text/plain; charset="utf-8"
+MIME-Version: 1.0
+Content-Transfer-Encoding: 7bit
+Subject: [v2] ipc: initialize structure memory to zero for shmctl
+Date: Thu, 07 Oct 2010 02:18:36 -0000
+From: Kees Cook <kees.cook at canonical.com>
+X-Patchwork-Id: 237561
+Message-Id: <20101007021836.GA14666 at outflux.net>
+To: linux-kernel at vger.kernel.org
+Cc: Al Viro <viro at zeniv.linux.org.uk>,
+ Andrew Morton <akpm at linux-foundation.org>, Jiri Slaby <jslaby at suse.cz>,
+ "David S. Miller" <davem at davemloft.net>, stable at kernel.org
+
+The old shm interface will leak a few bytes of stack contents. Explicitly
+initialize the structure to zero-fill the untouched fields, using memset
+instead of C99-style in case there are ever holes in the structure.
+
+Signed-off-by: Kees Cook <kees.cook at canonical.com>
+
+---
+ipc/shm.c | 2 ++
+ 1 files changed, 2 insertions(+), 0 deletions(-)
+
+diff --git a/ipc/shm.c b/ipc/shm.c
+index 52ed77e..f943b1e 100644
+--- a/ipc/shm.c
++++ b/ipc/shm.c
+@@ -473,6 +473,7 @@ static inline unsigned long copy_shmid_to_user(void __user *buf, struct shmid64_
+ {
+ struct shmid_ds out;
+
++ memset(&out, 0, sizeof(out));
+ ipc64_perm_to_ipc_perm(&in->shm_perm, &out.shm_perm);
+ out.shm_segsz = in->shm_segsz;
+ out.shm_atime = in->shm_atime;
+@@ -524,6 +525,7 @@ static inline unsigned long copy_shminfo_to_user(void __user *buf, struct shminf
+ {
+ struct shminfo out;
+
++ memset(&out, 0, sizeof(out));
+ if(in->shmmax > INT_MAX)
+ out.shmmax = INT_MAX;
+ else
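Review bot: The header of the added patch file is the raw patchwork mail (Content-Type, MIME-Version, X-Patchwork-Id) with no upstream commit id, and the commit log says the fix is not in linux-next yet, so nothing in the file tells a later maintainer when it can be dropped. Suggest one short header line stating that it was taken from patchwork id 237561 (v2) and is pending upstream. On the code itself: both memset(&out, 0, sizeof(out)) calls sit before the first field assignment, so padding and untouched fields are cleared before the struct is copied out to the __user buffer. The visible hunks only cover copy_shmid_to_user and copy_shminfo_to_user, so it is worth confirming that no other copy-out helper in ipc/shm.c fills a stack struct the same way.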
Added: dists/sid/linux-2.6/debian/patches/series/28
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/sid/linux-2.6/debian/patches/series/28 Sat Oct 30 15:37:06 2010 (r16517)
@@ -0,0 +1 @@
++ bugfix/all/ipc_initialize_structure_memory_to_zero.patch