[kernel] r17190 - in dists/lenny-security/linux-2.6/debian: . patches/bugfix/all patches/series

[Dann Frazier]

Author: dannf
Date: Mon Apr  4 01:03:25 2011
New Revision: 17190

Log:
fs/partitions: Validate map_count in Mac partition tables (CVE-2011-1010)

Added:
   dists/lenny-security/linux-2.6/debian/patches/bugfix/all/fs-partitions-Validate-map_count-in-Mac-partition-tables.patch
Modified:
   dists/lenny-security/linux-2.6/debian/changelog
   dists/lenny-security/linux-2.6/debian/patches/series/26lenny3

Modified: dists/lenny-security/linux-2.6/debian/changelog
==============================================================================
--- dists/lenny-security/linux-2.6/debian/changelog	Mon Apr  4 00:39:36 2011	(r17189)
+++ dists/lenny-security/linux-2.6/debian/changelog	Mon Apr  4 01:03:25 2011	(r17190)
@@ -4,6 +4,7 @@
   * xfs: prevent leaking uninitialized stack memory in FSGEOMETRY_V1
     (CVE-2011-0711)
   * [s390] remove task_show_regs (CVE-2011-0710)
+  * fs/partitions: Validate map_count in Mac partition tables (CVE-2011-1010)
 
  -- dann frazier <dannf at debian.org>  Wed, 30 Mar 2011 22:46:26 -0600
 

Added: dists/lenny-security/linux-2.6/debian/patches/bugfix/all/fs-partitions-Validate-map_count-in-Mac-partition-tables.patch
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ dists/lenny-security/linux-2.6/debian/patches/bugfix/all/fs-partitions-Validate-map_count-in-Mac-partition-tables.patch	Mon Apr  4 01:03:25 2011	(r17190)
@@ -0,0 +1,62 @@
+commit fa7ea87a057958a8b7926c1a60a3ca6d696328ed
+Author: Timo Warns <warns at pre-sense.de>
+Date:   Thu Feb 17 22:27:40 2011 +0100
+
+    fs/partitions: Validate map_count in Mac partition tables
+    
+    Validate number of blocks in map and remove redundant variable.
+    
+    Signed-off-by: Timo Warns <warns at pre-sense.de>
+    Cc: stable at kernel.org
+    Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
+    [dannf: backported to Debian's 2.6.26]
+
+diff --git a/fs/partitions/mac.c b/fs/partitions/mac.c
+index d4a0fad..5765198 100644
+--- a/fs/partitions/mac.c
++++ b/fs/partitions/mac.c
+@@ -29,10 +29,9 @@ static inline void mac_fix_string(char *stg, int len)
+ 
+ int mac_partition(struct parsed_partitions *state, struct block_device *bdev)
+ {
+-	int slot = 1;
+ 	Sector sect;
+ 	unsigned char *data;
+-	int blk, blocks_in_map;
++	int slot, blocks_in_map;
+ 	unsigned secsize;
+ #ifdef CONFIG_PPC_PMAC
+ 	int found_root = 0;
+@@ -59,10 +58,14 @@ int mac_partition(struct parsed_partitions *state, struct block_device *bdev)
+ 		put_dev_sector(sect);
+ 		return 0;		/* not a MacOS disk */
+ 	}
+-	printk(" [mac]");
+ 	blocks_in_map = be32_to_cpu(part->map_count);
+-	for (blk = 1; blk <= blocks_in_map; ++blk) {
+-		int pos = blk * secsize;
++	if (blocks_in_map < 0 || blocks_in_map >= DISK_MAX_PARTS) {
++		put_dev_sector(sect);
++		return 0;
++	}
++	printk(" [mac]");
++	for (slot = 1; slot <= blocks_in_map; ++slot) {
++		int pos = slot * secsize;
+ 		put_dev_sector(sect);
+ 		data = read_dev_sector(bdev, pos/512, &sect);
+ 		if (!data)
+@@ -113,13 +116,11 @@ int mac_partition(struct parsed_partitions *state, struct block_device *bdev)
+ 			}
+ 
+ 			if (goodness > found_root_goodness) {
+-				found_root = blk;
++				found_root = slot;
+ 				found_root_goodness = goodness;
+ 			}
+ 		}
+ #endif /* CONFIG_PPC_PMAC */
+-
+-		++slot;
+ 	}
+ #ifdef CONFIG_PPC_PMAC
+ 	if (found_root_goodness)

Modified: dists/lenny-security/linux-2.6/debian/patches/series/26lenny3
==============================================================================
--- dists/lenny-security/linux-2.6/debian/patches/series/26lenny3	Mon Apr  4 00:39:36 2011	(r17189)
+++ dists/lenny-security/linux-2.6/debian/patches/series/26lenny3	Mon Apr  4 01:03:25 2011	(r17190)
@@ -2,3 +2,4 @@
 + bugfix/all/xfs-prevent-leaking-uninitialized-stack-memory-in-FSGEOMETRY_V1.patch
 + bugfix/all/xfs-zero-proper-structure-size-for-geometry-calls.patch
 + bugfix/s390/remove-task_show_regs.patch
++ bugfix/all/fs-partitions-Validate-map_count-in-Mac-partition-tables.patch