[kernel] r22407 - in dists/wheezy-security/linux/debian: . patches patches/bugfix/all
Ben Hutchings
benh at moszumanska.debian.org
Fri Feb 20 02:37:24 UTC 2015
Author: benh
Date: Fri Feb 20 02:37:23 2015
New Revision: 22407
Log:
eCryptfs: Remove buggy and unnecessary write in file name decode routine (CVE-2014-9683)
Added:
dists/wheezy-security/linux/debian/patches/bugfix/all/ecryptfs-remove-buggy-and-unnecessary-write-in-file-name-decode.patch
Modified:
dists/wheezy-security/linux/debian/changelog
dists/wheezy-security/linux/debian/patches/series
Modified: dists/wheezy-security/linux/debian/changelog
==============================================================================
--- dists/wheezy-security/linux/debian/changelog Wed Feb 18 12:51:30 2015 (r22406)
+++ dists/wheezy-security/linux/debian/changelog Fri Feb 20 02:37:23 2015 (r22407)
@@ -24,6 +24,8 @@
* Fix regressions caused by CVE-2014-8133 fix:
- [amd64] tls, ldt: Stop checking lm in LDT_empty
- [x86] tls: Interpret an all-zero struct user_desc as "no segment"
+ * eCryptfs: Remove buggy and unnecessary write in file name decode
+ routine (CVE-2014-9683)
-- Ben Hutchings <ben at decadent.org.uk> Thu, 29 Jan 2015 04:02:31 +0000
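Review bot: The trailer below the new entry still reads `Thu, 29 Jan 2015 04:02:31 +0000`, while this entry is being added on 20 Feb 2015. Make sure the signature line is refreshed when the upload is finalised, so the changelog date does not predate the CVE-2014-9683 fix it lists.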
Added: dists/wheezy-security/linux/debian/patches/bugfix/all/ecryptfs-remove-buggy-and-unnecessary-write-in-file-name-decode.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/wheezy-security/linux/debian/patches/bugfix/all/ecryptfs-remove-buggy-and-unnecessary-write-in-file-name-decode.patch Fri Feb 20 02:37:23 2015 (r22407)
@@ -0,0 +1,31 @@
+From: Michael Halcrow <mhalcrow at google.com>
+Date: Wed, 26 Nov 2014 09:09:16 -0800
+Subject: eCryptfs: Remove buggy and unnecessary write in file name decode
+ routine
+
+commit 942080643bce061c3dd9d5718d3b745dcb39a8bc upstream.
+
+Dmitry Chernenkov used KASAN to discover that eCryptfs writes past the
+end of the allocated buffer during encrypted filename decoding. This
+fix corrects the issue by getting rid of the unnecessary 0 write when
+the current bit offset is 2.
+
+Signed-off-by: Michael Halcrow <mhalcrow at google.com>
+Reported-by: Dmitry Chernenkov <dmitryc at google.com>
+Suggested-by: Kees Cook <keescook at chromium.org>
+Signed-off-by: Tyler Hicks <tyhicks at canonical.com>
+Signed-off-by: Ben Hutchings <ben at decadent.org.uk>
+---
+ fs/ecryptfs/crypto.c | 1 -
+ 1 file changed, 1 deletion(-)
+
+--- a/fs/ecryptfs/crypto.c
++++ b/fs/ecryptfs/crypto.c
+@@ -2038,7 +2038,6 @@ ecryptfs_decode_from_filename(unsigned c
+ break;
+ case 2:
+ dst[dst_byte_offset++] |= (src_byte);
+- dst[dst_byte_offset] = 0;
+ current_bit_offset = 0;
+ break;
+ }
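Review bot: The patch description calls the store removed from `case 2` unnecessary without saying why, and that is the part a backport reviewer needs. After `dst[dst_byte_offset++] |= (src_byte);` the index already points one byte beyond the byte just completed, so `dst[dst_byte_offset] = 0;` lands outside the allocation whenever that byte was the last one in `dst`, which matches the KASAN report. Only the tail of the switch is visible in the context here, so please confirm against the 3.2 source, and ideally note in the description, that the branch handling the next source character starts the following destination byte with a plain assignment rather than `|=`, so nothing depends on the pre-zeroing being removed.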
Modified: dists/wheezy-security/linux/debian/patches/series
==============================================================================
--- dists/wheezy-security/linux/debian/patches/series Wed Feb 18 12:51:30 2015 (r22406)
+++ dists/wheezy-security/linux/debian/patches/series Fri Feb 20 02:37:23 2015 (r22407)
@@ -1172,3 +1172,4 @@
bugfix/all/net-sctp-fix-slab-corruption-from-use-after-free-on-init-collisions.patch
bugfix/x86/x86-tls-ldt-stop-checking-lm-in-ldt_empty.patch
bugfix/x86/x86-tls-interpret-an-all-zero-struct-user_desc-as-no-segment.patch
+bugfix/all/ecryptfs-remove-buggy-and-unnecessary-write-in-file-name-decode.patch