[kernel] r18551 - in dists/lenny-security/linux-2.6/debian: . patches/bugfix/all patches/series
Dann Frazier
dannf at alioth.debian.org
Tue Jan 17 17:36:50 UTC 2012
Author: dannf
Date: Tue Jan 17 17:36:48 2012
New Revision: 18551
Log:
hfs: add sanity check for file name length (CVE-2011-4330)
Added:
dists/lenny-security/linux-2.6/debian/patches/bugfix/all/hfs-add-sanity-check-for-file-name-length.patch
Modified:
dists/lenny-security/linux-2.6/debian/changelog
dists/lenny-security/linux-2.6/debian/patches/series/27lenny1
Modified: dists/lenny-security/linux-2.6/debian/changelog
==============================================================================
--- dists/lenny-security/linux-2.6/debian/changelog Tue Jan 17 17:36:42 2012 (r18550)
+++ dists/lenny-security/linux-2.6/debian/changelog Tue Jan 17 17:36:48 2012 (r18551)
@@ -8,6 +8,7 @@
* [x86] KVM: Prevent starting PIT timers in the absence of irqchip support
(CVE-2011-4622)
* jbd/jbd2: validate sb->s_first in journal_get_superblock() (CVE-2011-4132)
+ * hfs: add sanity check for file name length (CVE-2011-4330)
-- dann frazier <dannf at debian.org> Fri, 06 Jan 2012 21:15:07 -0700
Added: dists/lenny-security/linux-2.6/debian/patches/bugfix/all/hfs-add-sanity-check-for-file-name-length.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/lenny-security/linux-2.6/debian/patches/bugfix/all/hfs-add-sanity-check-for-file-name-length.patch Tue Jan 17 17:36:48 2012 (r18551)
@@ -0,0 +1,27 @@
+commit bc5b8a9003132ae44559edd63a1623b7b99dfb68
+Author: Dan Carpenter <dan.carpenter at oracle.com>
+Date: Mon Nov 14 17:52:08 2011 +0300
+
+ hfs: add sanity check for file name length
+
+ On a corrupted file system the ->len field could be wrong leading to
+ a buffer overflow.
+
+ Reported-and-acked-by: Clement LECIGNE <clement.lecigne at netasq.com>
+ Signed-off-by: Dan Carpenter <dan.carpenter at oracle.com>
+ Cc: stable at kernel.org
+ Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
+
+diff --git a/fs/hfs/trans.c b/fs/hfs/trans.c
+index e673a88..b1ce4c7 100644
+--- a/fs/hfs/trans.c
++++ b/fs/hfs/trans.c
+@@ -40,6 +40,8 @@ int hfs_mac2asc(struct super_block *sb, char *out, const struct hfs_name *in)
+
+ src = in->name;
+ srclen = in->len;
++ if (srclen > HFS_NAMELEN)
++ srclen = HFS_NAMELEN;
+ dst = out;
+ dstlen = HFS_MAX_NAMELEN;
+ if (nls_io) {
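Review bot: The clamp at "if (srclen > HFS_NAMELEN) srclen = HFS_NAMELEN;" in hfs_mac2asc() truncates silently, so a name record whose ->len is out of range is converted as if it were valid, and nothing tells the user that the file system is corrupted in the way the commit message describes. Consider adding a short comment above the check saying that in->len is read from disk and cannot be trusted, and a rate-limited warning when the clamp triggers. It would also help for the commit message to state that HFS_NAMELEN is the size of in->name, because the hunk only shows dstlen = HFS_MAX_NAMELEN and the relation between the source and destination limits is not visible from these lines.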
Modified: dists/lenny-security/linux-2.6/debian/patches/series/27lenny1
==============================================================================
--- dists/lenny-security/linux-2.6/debian/patches/series/27lenny1 Tue Jan 17 17:36:42 2012 (r18550)
+++ dists/lenny-security/linux-2.6/debian/patches/series/27lenny1 Tue Jan 17 17:36:48 2012 (r18551)
@@ -6,3 +6,4 @@
+ bugfix/all/rose-add-length-checks-to-CALL_REQUEST-parsing.patch
+ bugfix/x86/kvm-prevent-starting-pit-timers-in-the-absence-of-irqchip-support.patch
+ bugfix/all/jbd,jb2-validate-sb-s_first-in-journal_get_superblock.patch
++ bugfix/all/hfs-add-sanity-check-for-file-name-length.patch