[kernel] r16290 - in dists/lenny-security/linux-2.6/debian: . patches/bugfix/all patches/series

Dann Frazier dannf at alioth.debian.org
Thu Sep 16 05:19:44 UTC 2010


Author: dannf
Date: Thu Sep 16 05:19:42 2010
New Revision: 16290

Log:
xfs: prevent reading uninitialized stack memory (CVE-2010-3078)

Added:
   dists/lenny-security/linux-2.6/debian/patches/bugfix/all/xfs-prevent-reading-uninitialized-stack-memory.patch
Modified:
   dists/lenny-security/linux-2.6/debian/changelog
   dists/lenny-security/linux-2.6/debian/patches/series/25lenny1

Modified: dists/lenny-security/linux-2.6/debian/changelog
==============================================================================
--- dists/lenny-security/linux-2.6/debian/changelog	Thu Sep 16 04:41:24 2010	(r16289)
+++ dists/lenny-security/linux-2.6/debian/changelog	Thu Sep 16 05:19:42 2010	(r16290)
@@ -6,6 +6,7 @@
     (CVE-2010-3081)
   * ALSA: seq/oss - Fix double-free at error path of snd_seq_oss_open()
     (CVE-2010-3080)
+  * xfs: prevent reading uninitialized stack memory (CVE-2010-3078)
 
  -- dann frazier <dannf at debian.org>  Thu, 09 Sep 2010 19:11:27 -0600
 

Added: dists/lenny-security/linux-2.6/debian/patches/bugfix/all/xfs-prevent-reading-uninitialized-stack-memory.patch
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ dists/lenny-security/linux-2.6/debian/patches/bugfix/all/xfs-prevent-reading-uninitialized-stack-memory.patch	Thu Sep 16 05:19:42 2010	(r16290)
@@ -0,0 +1,29 @@
+commit 3df0537450fc7726a21c2c85f9fe8cb2d47d0fb6
+Author: Dan Rosenberg <dan.j.rosenberg at gmail.com>
+Date:   Mon Sep 6 18:24:57 2010 -0400
+
+    xfs: prevent reading uninitialized stack memory
+    
+    The XFS_IOC_FSGETXATTR ioctl allows unprivileged users to read 12
+    bytes of uninitialized stack memory, because the fsxattr struct
+    declared on the stack in xfs_ioc_fsgetxattr() does not alter (or zero)
+    the 12-byte fsx_pad member before copying it back to the user.  This
+    patch takes care of it.
+    
+    Signed-off-by: Dan Rosenberg <dan.j.rosenberg at gmail.com>
+    Reviewed-by: Eric Sandeen <sandeen at redhat.com>
+    Signed-off-by: Alex Elder <aelder at sgi.com>
+
+diff --git a/fs/xfs/linux-2.6/xfs_ioctl.c b/fs/xfs/linux-2.6/xfs_ioctl.c
+index a42ba9d..de2e754 100644
+--- a/fs/xfs/linux-2.6/xfs_ioctl.c
++++ b/fs/xfs/linux-2.6/xfs_ioctl.c
+@@ -847,6 +847,8 @@ xfs_ioc_fsgetxattr(
+ {
+ 	struct fsxattr		fa;
+ 
++	memset(&fa, 0, sizeof(struct fsxattr));
++
+ 	xfs_ilock(ip, XFS_ILOCK_SHARED);
+ 	fa.fsx_xflags = xfs_ip2xflags(ip);
+ 	fa.fsx_extsize = ip->i_d.di_extsize << ip->i_mount->m_sb.sb_blocklog;
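Review bot: In the added memset at the top of xfs_ioc_fsgetxattr(), prefer `sizeof(fa)` over `sizeof(struct fsxattr)`, so the length stays tied to the variable being cleared if its declaration ever changes. Placing the call before `xfs_ilock(ip, XFS_ILOCK_SHARED)` is good, since it keeps the clearing outside the locked region. The commit message names only the 12-byte fsx_pad member, while the memset clears the whole struct; a one-line comment above it saying that `fa` is copied back to user space in full would explain why the blanket clear is intentional and discourage a later change to per-field initialisation.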

Modified: dists/lenny-security/linux-2.6/debian/patches/series/25lenny1
==============================================================================
--- dists/lenny-security/linux-2.6/debian/patches/series/25lenny1	Thu Sep 16 04:41:24 2010	(r16289)
+++ dists/lenny-security/linux-2.6/debian/patches/series/25lenny1	Thu Sep 16 05:19:42 2010	(r16290)
@@ -1,3 +1,4 @@
 + bugfix/all/irda-correctly-clean-up-self-ias_obj-on-irda_bind-failure.patch
 + bugfix/all/compat-make-compat_alloc_user_space-incorporate-the_access_ok.patch
 + bugfix/all/alsa-seq-oss-fix-double-free-at-error-path-of-snd_seq_oss_open.patch
++ bugfix/all/xfs-prevent-reading-uninitialized-stack-memory.patch


