[kernel] r16291 - in dists/lenny-security/linux-2.6/debian: . patches/bugfix/all patches/series
Dann Frazier
dannf at alioth.debian.org
Thu Sep 16 05:30:17 UTC 2010
Author: dannf
Date: Thu Sep 16 05:30:12 2010
New Revision: 16291
Log:
ecryptfs: Bugfix for error related to ecryptfs_hash_buckets (CVE-2010-2492)
Added:
dists/lenny-security/linux-2.6/debian/patches/bugfix/all/ecryptfs-bugfix-for-error-related-to-ecryptfs_hash_buckets.patch
Modified:
dists/lenny-security/linux-2.6/debian/changelog
dists/lenny-security/linux-2.6/debian/patches/series/25lenny1
Modified: dists/lenny-security/linux-2.6/debian/changelog
==============================================================================
--- dists/lenny-security/linux-2.6/debian/changelog Thu Sep 16 05:19:42 2010 (r16290)
+++ dists/lenny-security/linux-2.6/debian/changelog Thu Sep 16 05:30:12 2010 (r16291)
@@ -7,6 +7,7 @@
* ALSA: seq/oss - Fix double-free at error path of snd_seq_oss_open()
(CVE-2010-3080)
* xfs: prevent reading uninitialized stack memory (CVE-2010-3078)
+ * ecryptfs: Bugfix for error related to ecryptfs_hash_buckets (CVE-2010-2492)
-- dann frazier <dannf at debian.org> Thu, 09 Sep 2010 19:11:27 -0600
Added: dists/lenny-security/linux-2.6/debian/patches/bugfix/all/ecryptfs-bugfix-for-error-related-to-ecryptfs_hash_buckets.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/lenny-security/linux-2.6/debian/patches/bugfix/all/ecryptfs-bugfix-for-error-related-to-ecryptfs_hash_buckets.patch Thu Sep 16 05:30:12 2010 (r16291)
@@ -0,0 +1,69 @@
+commit 9eaef901260e63dd2a80fcca8f0a7fd18364f6a3
+Author: Andre Osterhues <aosterhues at escrypt.com>
+Date: Tue Jul 13 15:59:17 2010 -0500
+
+ ecryptfs: Bugfix for error related to ecryptfs_hash_buckets
+
+ The function ecryptfs_uid_hash wrongly assumes that the
+ second parameter to hash_long() is the number of hash
+ buckets instead of the number of hash bits.
+ This patch fixes that and renames the variable
+ ecryptfs_hash_buckets to ecryptfs_hash_bits to make it
+ clearer.
+
+ Fixes: CVE-2010-2492
+
+ Signed-off-by: Andre Osterhues <aosterhues at escrypt.com>
+ Signed-off-by: Tyler Hicks <tyhicks at linux.vnet.ibm.com>
+ Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
+
+diff --git a/fs/ecryptfs/messaging.c b/fs/ecryptfs/messaging.c
+index 1b5c200..517bd46 100644
+--- a/fs/ecryptfs/messaging.c
++++ b/fs/ecryptfs/messaging.c
+@@ -30,9 +30,9 @@ static struct mutex ecryptfs_msg_ctx_lists_mux;
+
+ static struct hlist_head *ecryptfs_daemon_hash;
+ struct mutex ecryptfs_daemon_hash_mux;
+-static int ecryptfs_hash_buckets;
++static int ecryptfs_hash_bits;
+ #define ecryptfs_uid_hash(uid) \
+- hash_long((unsigned long)uid, ecryptfs_hash_buckets)
++ hash_long((unsigned long)uid, ecryptfs_hash_bits)
+
+ static u32 ecryptfs_msg_counter;
+ static struct ecryptfs_msg_ctx *ecryptfs_msg_ctx_arr;
+@@ -599,18 +599,19 @@ int ecryptfs_init_messaging(unsigned int transport)
+ }
+ mutex_init(&ecryptfs_daemon_hash_mux);
+ mutex_lock(&ecryptfs_daemon_hash_mux);
+- ecryptfs_hash_buckets = 1;
+- while (ecryptfs_number_of_users >> ecryptfs_hash_buckets)
+- ecryptfs_hash_buckets++;
++ ecryptfs_hash_bits = 1;
++ while (ecryptfs_number_of_users >> ecryptfs_hash_bits)
++ ecryptfs_hash_bits++;
+ ecryptfs_daemon_hash = kmalloc((sizeof(struct hlist_head)
+- * ecryptfs_hash_buckets), GFP_KERNEL);
++ * (1 << ecryptfs_hash_bits)),
++ GFP_KERNEL);
+ if (!ecryptfs_daemon_hash) {
+ rc = -ENOMEM;
+ printk(KERN_ERR "%s: Failed to allocate memory\n", __func__);
+ mutex_unlock(&ecryptfs_daemon_hash_mux);
+ goto out;
+ }
+- for (i = 0; i < ecryptfs_hash_buckets; i++)
++ for (i = 0; i < (1 << ecryptfs_hash_bits); i++)
+ INIT_HLIST_HEAD(&ecryptfs_daemon_hash[i]);
+ mutex_unlock(&ecryptfs_daemon_hash_mux);
+ ecryptfs_msg_ctx_arr = kmalloc((sizeof(struct ecryptfs_msg_ctx)
+@@ -680,7 +681,7 @@ void ecryptfs_release_messaging(unsigned int transport)
+ int i;
+
+ mutex_lock(&ecryptfs_daemon_hash_mux);
+- for (i = 0; i < ecryptfs_hash_buckets; i++) {
++ for (i = 0; i < (1 << ecryptfs_hash_bits); i++) {
+ int rc;
+
+ hlist_for_each_entry(daemon, elem,
Modified: dists/lenny-security/linux-2.6/debian/patches/series/25lenny1
==============================================================================
--- dists/lenny-security/linux-2.6/debian/patches/series/25lenny1 Thu Sep 16 05:19:42 2010 (r16290)
+++ dists/lenny-security/linux-2.6/debian/patches/series/25lenny1 Thu Sep 16 05:30:12 2010 (r16291)
@@ -2,3 +2,4 @@
+ bugfix/all/compat-make-compat_alloc_user_space-incorporate-the_access_ok.patch
+ bugfix/all/alsa-seq-oss-fix-double-free-at-error-path-of-snd_seq_oss_open.patch
+ bugfix/all/xfs-prevent-reading-uninitialized-stack-memory.patch
++ bugfix/all/ecryptfs-bugfix-for-error-related-to-ecryptfs_hash_buckets.patch
More information about the Kernel-svn-changes
mailing list