[kernel] r17109 - in dists/squeeze/linux-2.6/debian: . patches/bugfix/all patches/series

Dann Frazier dannf at alioth.debian.org
Thu Mar 24 05:56:19 UTC 2011


Author: dannf
Date: Thu Mar 24 05:56:17 2011
New Revision: 17109

Log:
xfs: prevent leaking uninitialized stack memory in FSGEOMETRY_V1
(CVE-2011-0711)

Added:
   dists/squeeze/linux-2.6/debian/patches/bugfix/all/xfs-prevent-leaking-uninitialized-stack-memory-in-FSGEOMETRY_V1.patch
Modified:
   dists/squeeze/linux-2.6/debian/changelog
   dists/squeeze/linux-2.6/debian/patches/series/32

Modified: dists/squeeze/linux-2.6/debian/changelog
==============================================================================
--- dists/squeeze/linux-2.6/debian/changelog	Thu Mar 24 05:29:31 2011	(r17108)
+++ dists/squeeze/linux-2.6/debian/changelog	Thu Mar 24 05:56:17 2011	(r17109)
@@ -25,6 +25,8 @@
 
   [ dann frazier ]
   * Fix corrupted OSF partition table parsing (CVE-2011-1163)
+  * xfs: prevent leaking uninitialized stack memory in FSGEOMETRY_V1
+    (CVE-2011-0711)
 
  -- Ben Hutchings <ben at decadent.org.uk>  Sat, 12 Mar 2011 20:20:58 +0000
 

Added: dists/squeeze/linux-2.6/debian/patches/bugfix/all/xfs-prevent-leaking-uninitialized-stack-memory-in-FSGEOMETRY_V1.patch
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ dists/squeeze/linux-2.6/debian/patches/bugfix/all/xfs-prevent-leaking-uninitialized-stack-memory-in-FSGEOMETRY_V1.patch	Thu Mar 24 05:56:17 2011	(r17109)
@@ -0,0 +1,33 @@
+commit 3a3675b7f23f83ca8c67c9c2b6edf707fd28d1ba
+Author: Dan Rosenberg <drosenberg at vsecurity.com>
+Date:   Mon Feb 14 13:45:28 2011 +0000
+
+    xfs: prevent leaking uninitialized stack memory in FSGEOMETRY_V1
+    
+    The FSGEOMETRY_V1 ioctl (and its compat equivalent) calls out to
+    xfs_fs_geometry() with a version number of 3.  This code path does not
+    fill in the logsunit member of the passed xfs_fsop_geom_t, leading to
+    the leaking of four bytes of uninitialized stack data to potentially
+    unprivileged callers.
+    
+    v2 switches to memset() to avoid future issues if structure members
+    change, on suggestion of Dave Chinner.
+    
+    Signed-off-by: Dan Rosenberg <drosenberg at vsecurity.com>
+    Reviewed-by: Eugene Teo <eugeneteo at kernel.org>
+    Signed-off-by: Alex Elder <aelder at sgi.com>
+
+diff --git a/fs/xfs/xfs_fsops.c b/fs/xfs/xfs_fsops.c
+index cec89dd..85668ef 100644
+--- a/fs/xfs/xfs_fsops.c
++++ b/fs/xfs/xfs_fsops.c
+@@ -53,6 +53,9 @@ xfs_fs_geometry(
+ 	xfs_fsop_geom_t		*geo,
+ 	int			new_version)
+ {
++
++	memset(geo, 0, sizeof(*geo));
++
+ 	geo->blocksize = mp->m_sb.sb_blocksize;
+ 	geo->rtextsize = mp->m_sb.sb_rextsize;
+ 	geo->agblocks = mp->m_sb.sb_agblocks;
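Review bot: the memset() added at the top of xfs_fs_geometry() carries no comment explaining why it is needed, and because the assignments that follow it (geo->blocksize, geo->rtextsize, geo->agblocks) read as if they populate the structure, a later cleanup could drop the call as redundant. A short comment above it would record the reason the commit message gives: the structure is returned to ioctl callers and not every member is set for every new_version (logsunit is left unset for version 3), so it has to be cleared first. Minor style point: the blank line added directly after the opening brace is unnecessary; memset(geo, 0, sizeof(*geo)); can be the first line of the body.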

Modified: dists/squeeze/linux-2.6/debian/patches/series/32
==============================================================================
--- dists/squeeze/linux-2.6/debian/patches/series/32	Thu Mar 24 05:29:31 2011	(r17108)
+++ dists/squeeze/linux-2.6/debian/patches/series/32	Thu Mar 24 05:56:17 2011	(r17109)
@@ -7,3 +7,4 @@
 + bugfix/all/r8169-Fix-up-backport-of-r8169-keep-firmware-in-memo.patch
 + bugfix/all/fix-corrupted-osf-partition-parsing.patch
 + bugfix/all/increase-osf-partition-limit-from-8-to-18.patch
++ bugfix/all/xfs-prevent-leaking-uninitialized-stack-memory-in-FSGEOMETRY_V1.patch


