[kernel] r16291 - in dists/lenny-security/linux-2.6/debian: . patches/bugfix/all patches/series

Thu Sep 16 05:30:17 UTC 2010

Author: dannf
Date: Thu Sep 16 05:30:12 2010
New Revision: 16291

Log:
ecryptfs: Bugfix for error related to ecryptfs_hash_buckets (CVE-2010-2492)

Added:
   dists/lenny-security/linux-2.6/debian/patches/bugfix/all/ecryptfs-bugfix-for-error-related-to-ecryptfs_hash_buckets.patch
Modified:
   dists/lenny-security/linux-2.6/debian/changelog
   dists/lenny-security/linux-2.6/debian/patches/series/25lenny1

Modified: dists/lenny-security/linux-2.6/debian/changelog
==============================================================================

--- dists/lenny-security/linux-2.6/debian/changelog	Thu Sep 16 05:19:42 2010	(r16290)
+++ dists/lenny-security/linux-2.6/debian/changelog	Thu Sep 16 05:30:12 2010	(r16291)
@@ -7,6 +7,7 @@
   * ALSA: seq/oss - Fix double-free at error path of snd_seq_oss_open()
     (CVE-2010-3080)
   * xfs: prevent reading uninitialized stack memory (CVE-2010-3078)
+  * ecryptfs: Bugfix for error related to ecryptfs_hash_buckets (CVE-2010-2492)
 
  -- dann frazier <dannf at debian.org>  Thu, 09 Sep 2010 19:11:27 -0600
 

Added: dists/lenny-security/linux-2.6/debian/patches/bugfix/all/ecryptfs-bugfix-for-error-related-to-ecryptfs_hash_buckets.patch
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ dists/lenny-security/linux-2.6/debian/patches/bugfix/all/ecryptfs-bugfix-for-error-related-to-ecryptfs_hash_buckets.patch	Thu Sep 16 05:30:12 2010	(r16291)
@@ -0,0 +1,69 @@
+commit 9eaef901260e63dd2a80fcca8f0a7fd18364f6a3
+Author: Andre Osterhues <aosterhues at escrypt.com>
+Date:   Tue Jul 13 15:59:17 2010 -0500
+
+    ecryptfs: Bugfix for error related to ecryptfs_hash_buckets
+    
+    The function ecryptfs_uid_hash wrongly assumes that the
+    second parameter to hash_long() is the number of hash
+    buckets instead of the number of hash bits.
+    This patch fixes that and renames the variable
+    ecryptfs_hash_buckets to ecryptfs_hash_bits to make it
+    clearer.
+    
+    Fixes: CVE-2010-2492
+    
+    Signed-off-by: Andre Osterhues <aosterhues at escrypt.com>
+    Signed-off-by: Tyler Hicks <tyhicks at linux.vnet.ibm.com>
+    Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
+
+diff --git a/fs/ecryptfs/messaging.c b/fs/ecryptfs/messaging.c
+index 1b5c200..517bd46 100644
+--- a/fs/ecryptfs/messaging.c
++++ b/fs/ecryptfs/messaging.c
+@@ -30,9 +30,9 @@ static struct mutex ecryptfs_msg_ctx_lists_mux;
+ 
+ static struct hlist_head *ecryptfs_daemon_hash;
+ struct mutex ecryptfs_daemon_hash_mux;
+-static int ecryptfs_hash_buckets;
++static int ecryptfs_hash_bits;
+ #define ecryptfs_uid_hash(uid) \
+-        hash_long((unsigned long)uid, ecryptfs_hash_buckets)
++        hash_long((unsigned long)uid, ecryptfs_hash_bits)
+ 
+ static u32 ecryptfs_msg_counter;
+ static struct ecryptfs_msg_ctx *ecryptfs_msg_ctx_arr;
+@@ -599,18 +599,19 @@ int ecryptfs_init_messaging(unsigned int transport)
+ 	}
+ 	mutex_init(&ecryptfs_daemon_hash_mux);
+ 	mutex_lock(&ecryptfs_daemon_hash_mux);
+-	ecryptfs_hash_buckets = 1;
+-	while (ecryptfs_number_of_users >> ecryptfs_hash_buckets)
+-		ecryptfs_hash_buckets++;
++	ecryptfs_hash_bits = 1;
++	while (ecryptfs_number_of_users >> ecryptfs_hash_bits)
++		ecryptfs_hash_bits++;
+ 	ecryptfs_daemon_hash = kmalloc((sizeof(struct hlist_head)
+-					* ecryptfs_hash_buckets), GFP_KERNEL);
++					* (1 << ecryptfs_hash_bits)),
++				       GFP_KERNEL);
+ 	if (!ecryptfs_daemon_hash) {
+ 		rc = -ENOMEM;
+ 		printk(KERN_ERR "%s: Failed to allocate memory\n", __func__);
+ 		mutex_unlock(&ecryptfs_daemon_hash_mux);
+ 		goto out;
+ 	}
+-	for (i = 0; i < ecryptfs_hash_buckets; i++)
++	for (i = 0; i < (1 << ecryptfs_hash_bits); i++)
+ 		INIT_HLIST_HEAD(&ecryptfs_daemon_hash[i]);
+ 	mutex_unlock(&ecryptfs_daemon_hash_mux);
+ 	ecryptfs_msg_ctx_arr = kmalloc((sizeof(struct ecryptfs_msg_ctx)
+@@ -680,7 +681,7 @@ void ecryptfs_release_messaging(unsigned int transport)
+ 		int i;
+ 
+ 		mutex_lock(&ecryptfs_daemon_hash_mux);
+-		for (i = 0; i < ecryptfs_hash_buckets; i++) {
++		for (i = 0; i < (1 << ecryptfs_hash_bits); i++) {
+ 			int rc;
+ 
+ 			hlist_for_each_entry(daemon, elem,

Modified: dists/lenny-security/linux-2.6/debian/patches/series/25lenny1
==============================================================================
--- dists/lenny-security/linux-2.6/debian/patches/series/25lenny1	Thu Sep 16 05:19:42 2010	(r16290)
+++ dists/lenny-security/linux-2.6/debian/patches/series/25lenny1	Thu Sep 16 05:30:12 2010	(r16291)
@@ -2,3 +2,4 @@
 + bugfix/all/compat-make-compat_alloc_user_space-incorporate-the_access_ok.patch
 + bugfix/all/alsa-seq-oss-fix-double-free-at-error-path-of-snd_seq_oss_open.patch
 + bugfix/all/xfs-prevent-reading-uninitialized-stack-memory.patch
++ bugfix/all/ecryptfs-bugfix-for-error-related-to-ecryptfs_hash_buckets.patch

