[kernel] r18551 - in dists/lenny-security/linux-2.6/debian: . patches/bugfix/all patches/series

Dann Frazier dannf at alioth.debian.org
Tue Jan 17 17:36:50 UTC 2012 

Author: dannf
Date: Tue Jan 17 17:36:48 2012
New Revision: 18551

Log:
hfs: add sanity check for file name length (CVE-2011-4330)

Added:
   dists/lenny-security/linux-2.6/debian/patches/bugfix/all/hfs-add-sanity-check-for-file-name-length.patch
Modified:
   dists/lenny-security/linux-2.6/debian/changelog
   dists/lenny-security/linux-2.6/debian/patches/series/27lenny1

Modified: dists/lenny-security/linux-2.6/debian/changelog
==============================================================================
--- dists/lenny-security/linux-2.6/debian/changelog	Tue Jan 17 17:36:42 2012	(r18550)
+++ dists/lenny-security/linux-2.6/debian/changelog	Tue Jan 17 17:36:48 2012	(r18551)
@@ -8,6 +8,7 @@
   * [x86] KVM: Prevent starting PIT timers in the absence of irqchip support
     (CVE-2011-4622)
   * jbd/jbd2: validate sb->s_first in journal_get_superblock() (CVE-2011-4132)
+  * hfs: add sanity check for file name length (CVE-2011-4330)
 
  -- dann frazier <dannf at debian.org>  Fri, 06 Jan 2012 21:15:07 -0700
 

Added: dists/lenny-security/linux-2.6/debian/patches/bugfix/all/hfs-add-sanity-check-for-file-name-length.patch
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ dists/lenny-security/linux-2.6/debian/patches/bugfix/all/hfs-add-sanity-check-for-file-name-length.patch	Tue Jan 17 17:36:48 2012	(r18551)
@@ -0,0 +1,27 @@
+commit bc5b8a9003132ae44559edd63a1623b7b99dfb68
+Author: Dan Carpenter <dan.carpenter at oracle.com>
+Date:   Mon Nov 14 17:52:08 2011 +0300
+
+    hfs: add sanity check for file name length
+    
+    On a corrupted file system the ->len field could be wrong leading to
+    a buffer overflow.
+    
+    Reported-and-acked-by: Clement LECIGNE <clement.lecigne at netasq.com>
+    Signed-off-by: Dan Carpenter <dan.carpenter at oracle.com>
+    Cc: stable at kernel.org
+    Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
+
+diff --git a/fs/hfs/trans.c b/fs/hfs/trans.c
+index e673a88..b1ce4c7 100644
+--- a/fs/hfs/trans.c
++++ b/fs/hfs/trans.c
+@@ -40,6 +40,8 @@ int hfs_mac2asc(struct super_block *sb, char *out, const struct hfs_name *in)
+ 
+ 	src = in->name;
+ 	srclen = in->len;
++	if (srclen > HFS_NAMELEN)
++		srclen = HFS_NAMELEN;
+ 	dst = out;
+ 	dstlen = HFS_MAX_NAMELEN;
+ 	if (nls_io) {

Modified: dists/lenny-security/linux-2.6/debian/patches/series/27lenny1
==============================================================================
--- dists/lenny-security/linux-2.6/debian/patches/series/27lenny1	Tue Jan 17 17:36:42 2012	(r18550)
+++ dists/lenny-security/linux-2.6/debian/patches/series/27lenny1	Tue Jan 17 17:36:48 2012	(r18551)
@@ -6,3 +6,4 @@
 + bugfix/all/rose-add-length-checks-to-CALL_REQUEST-parsing.patch
 + bugfix/x86/kvm-prevent-starting-pit-timers-in-the-absence-of-irqchip-support.patch
 + bugfix/all/jbd,jb2-validate-sb-s_first-in-journal_get_superblock.patch
++ bugfix/all/hfs-add-sanity-check-for-file-name-length.patch

More information about the Kernel-svn-changes mailing list