[kernel] r16517 - in dists/sid/linux-2.6/debian: . patches/bugfix/all patches/series

Maximilian Attems maks at alioth.debian.org
Sat Oct 30 15:37:11 UTC 2010


Author: maks
Date: Sat Oct 30 15:37:06 2010
New Revision: 16517

Log:
add ipc mem fix

didn't find cve, nor in linux-next yet, but v1 saw al's eyes.

Added:
   dists/sid/linux-2.6/debian/patches/bugfix/all/ipc_initialize_structure_memory_to_zero.patch
   dists/sid/linux-2.6/debian/patches/series/28
Modified:
   dists/sid/linux-2.6/debian/changelog

Modified: dists/sid/linux-2.6/debian/changelog
==============================================================================
--- dists/sid/linux-2.6/debian/changelog	Sat Oct 30 15:10:30 2010	(r16516)
+++ dists/sid/linux-2.6/debian/changelog	Sat Oct 30 15:37:06 2010	(r16517)
@@ -1,3 +1,9 @@
+linux-2.6 (2.6.32-28) UNRELEASED; urgency=low
+
+  * ipc: initialize structure memory to zero for shmctl.
+
+ -- maximilian attems <maks at debian.org>  Sat, 30 Oct 2010 14:14:37 +0200
+
 linux-2.6 (2.6.32-27) unstable; urgency=high
   
   * The "We'll Always Have Paris" release
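Review bot: the new 2.6.32-28 entry says only "initialize structure memory to zero for shmctl", which does not tell a reader that the imported patch closes a leak of kernel stack contents to user space, as its own description states. Suggest wording the entry to name the leak (for example "ipc: shmctl: fix kernel stack leak via the old shm interface") so it can be matched to a CVE identifier if one is assigned later, and revisiting urgency=low when the entry is finalised.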

Added: dists/sid/linux-2.6/debian/patches/bugfix/all/ipc_initialize_structure_memory_to_zero.patch
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ dists/sid/linux-2.6/debian/patches/bugfix/all/ipc_initialize_structure_memory_to_zero.patch	Sat Oct 30 15:37:06 2010	(r16517)
@@ -0,0 +1,44 @@
+From patchwork Thu Oct  7 02:18:36 2010
+Content-Type: text/plain; charset="utf-8"
+MIME-Version: 1.0
+Content-Transfer-Encoding: 7bit
+Subject: [v2] ipc: initialize structure memory to zero for shmctl
+Date: Thu, 07 Oct 2010 02:18:36 -0000
+From: Kees Cook <kees.cook at canonical.com>
+X-Patchwork-Id: 237561
+Message-Id: <20101007021836.GA14666 at outflux.net>
+To: linux-kernel at vger.kernel.org
+Cc: Al Viro <viro at zeniv.linux.org.uk>,
+	Andrew Morton <akpm at linux-foundation.org>, Jiri Slaby <jslaby at suse.cz>, 
+	"David S. Miller" <davem at davemloft.net>, stable at kernel.org
+
+The old shm interface will leak a few bytes of stack contents. Explicitly
+initialize the structure to zero-fill the untouched fields, using memset
+instead of C99-style in case there are ever holes in the structure.
+
+Signed-off-by: Kees Cook <kees.cook at canonical.com>
+
+---
+ipc/shm.c |    2 ++
+ 1 files changed, 2 insertions(+), 0 deletions(-)
+
+diff --git a/ipc/shm.c b/ipc/shm.c
+index 52ed77e..f943b1e 100644
+--- a/ipc/shm.c
++++ b/ipc/shm.c
+@@ -473,6 +473,7 @@ static inline unsigned long copy_shmid_to_user(void __user *buf, struct shmid64_
+ 	    {
+ 		struct shmid_ds out;
+ 
++		memset(&out, 0, sizeof(out));
+ 		ipc64_perm_to_ipc_perm(&in->shm_perm, &out.shm_perm);
+ 		out.shm_segsz	= in->shm_segsz;
+ 		out.shm_atime	= in->shm_atime;
+@@ -524,6 +525,7 @@ static inline unsigned long copy_shminfo_to_user(void __user *buf, struct shminf
+ 	    {
+ 		struct shminfo out;
+ 
++		memset(&out, 0, sizeof(out));
+ 		if(in->shmmax > INT_MAX)
+ 			out.shmmax = INT_MAX;
+ 		else
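
Review bot: the patch file header carries only the patchwork metadata (X-Patchwork-Id: 237561, subject tagged [v2]) and no upstream commit id or merge status, so nothing in the file tells a later maintainer when it can be dropped. Suggest adding a short header line stating that it was taken from the list posting and is not yet upstream. On the code, both memset(&out, 0, sizeof(out)) calls sit before any field of struct shmid_ds out or struct shminfo out is assigned, which is the correct place and also clears padding as the description intends. Since the diffstat lists only ipc/shm.c, it is worth checking whether any other copy-out helper that builds an old-format struct on the stack needs the same zeroing.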

Added: dists/sid/linux-2.6/debian/patches/series/28
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ dists/sid/linux-2.6/debian/patches/series/28	Sat Oct 30 15:37:06 2010	(r16517)
@@ -0,0 +1 @@
++ bugfix/all/ipc_initialize_structure_memory_to_zero.patch


