[kernel] r17310 - in dists/sid/linux-2.6/debian: . patches/debian patches/series

Ben Hutchings benh at alioth.debian.org
Sat May 7 03:21:09 UTC 2011 

Author: benh
Date: Sat May  7 03:21:05 2011
New Revision: 17310

Log:
ldm: Disable broken support for VBLK fragments (CVE-2011-1017)

Added:
   dists/sid/linux-2.6/debian/patches/debian/ldm-Disable-broken-support-for-VBLK-fragments.patch
Modified:
   dists/sid/linux-2.6/debian/changelog
   dists/sid/linux-2.6/debian/patches/series/5

Modified: dists/sid/linux-2.6/debian/changelog
==============================================================================
--- dists/sid/linux-2.6/debian/changelog	Sat May  7 03:16:49 2011	(r17309)
+++ dists/sid/linux-2.6/debian/changelog	Sat May  7 03:21:05 2011	(r17310)
@@ -42,6 +42,7 @@
     (CVE-2011-1494, CVE-2011-1495)
   * [armel] Prevent heap corruption in OABI semtimedop
   * can: Add missing socket check in can/bcm release (CVE-2011-1598)
+  * ldm: Disable broken support for VBLK fragments (CVE-2011-1017)
 
  -- Ben Hutchings <ben at decadent.org.uk>  Mon, 25 Apr 2011 02:15:23 +0100
 

Added: dists/sid/linux-2.6/debian/patches/debian/ldm-Disable-broken-support-for-VBLK-fragments.patch
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ dists/sid/linux-2.6/debian/patches/debian/ldm-Disable-broken-support-for-VBLK-fragments.patch	Sat May  7 03:21:05 2011	(r17310)
@@ -0,0 +1,40 @@
+From 4d63520dde51d94fd9563cf292a71edc49cfa04e Mon Sep 17 00:00:00 2001
+From: Ben Hutchings <ben at decadent.org.uk>
+Date: Sat, 7 May 2011 04:03:58 +0100
+Subject: [PATCH] ldm: Disable broken support for VBLK fragments
+
+ldm_frag_add() has various bugs which can be exploited with a
+carefully constructed partition table to cause denial-of-service or
+privilege escalation.  Further, it doesn't appear to work for any
+valid fragmented VBLKs either.  Disable it until a fix is available.
+---
+ fs/partitions/ldm.c |    6 ++++++
+ 1 files changed, 6 insertions(+), 0 deletions(-)
+
+diff --git a/fs/partitions/ldm.c b/fs/partitions/ldm.c
+index b10e354..d963c86 100644
+--- a/fs/partitions/ldm.c
++++ b/fs/partitions/ldm.c
+@@ -1293,6 +1293,11 @@ static bool ldm_ldmdb_add (u8 *data, int len, struct ldmdb *ldb)
+  */
+ static bool ldm_frag_add (const u8 *data, int size, struct list_head *frags)
+ {
++#if 1
++	/* This function doesn't work */
++	ldm_error("Unsupported fragmented VBLK.");
++	return false;
++#else
+ 	struct frag *f;
+ 	struct list_head *item;
+ 	int rec, num, group;
+@@ -1341,6 +1346,7 @@ found:
+ 	memcpy (f->data+rec*(size-VBLK_SIZE_HEAD)+VBLK_SIZE_HEAD, data, size);
+ 
+ 	return true;
++#endif
+ }
+ 
+ /**
+-- 
+1.7.4.4
+

Modified: dists/sid/linux-2.6/debian/patches/series/5
==============================================================================
--- dists/sid/linux-2.6/debian/patches/series/5	Sat May  7 03:16:49 2011	(r17309)
+++ dists/sid/linux-2.6/debian/patches/series/5	Sat May  7 03:21:05 2011	(r17310)
@@ -14,3 +14,4 @@
 + bugfix/all/mpt2sas-prevent-heap-overflows-and-unchecked-reads.patch
 + bugfix/arm/arm-6891-1-prevent-heap-corruption-in-oabi-semtimedop.patch
 + bugfix/all/can-add-missing-socket-check-in-can-bcm-release.patch
++ debian/ldm-Disable-broken-support-for-VBLK-fragments.patch

More information about the Kernel-svn-changes mailing list