[linux] 01/02: fs: Fix oops when fcntl() is called on an aufs directory
debian-kernel at lists.debian.org
Fri Sep 2 19:52:08 UTC 2016
This is an automated email from the git hooks/post-receive script.
benh pushed a commit to branch wheezy-security
in repository linux.
commit f2f6f5fe2f53db2a262c7005df189e4a6bdbd608
Author: Ben Hutchings <ben at decadent.org.uk>
Date: Wed Aug 31 02:43:16 2016 +0100
fs: Fix oops when fcntl() is called on an aufs directory
CVE-2016-7118; regression in 3.2.81-1.
In modifying the check for the setfl operation to be safe with old
modules that have a smaller file_operations structure, I mistakenly
dropped the check that the operation pointer is non-null. The
modified check rejects file_operations in any module other than the
rebuilt aufs, but it is still necessary to check the pointer because
for aufs directories it is NULL.
---
debian/changelog | 2 ++
debian/patches/debian/fs-fix-abi-change-for-aufs-f_setfl-fix.patch | 5 +++--
2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index ee1a74d..84bc0ec 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -14,6 +14,8 @@ linux (3.2.81-2) UNRELEASED; urgency=medium
* [arm*] oabi compat: add missing access checks (CVE-2016-3857)
* aacraid: Check size values after double-fetch from user (CVE-2016-6480)
* tcp: fix use after free in tcp_xmit_retransmit_queue() (CVE-2016-6828)
+ * fs: Fix oops when fcntl() is called on an aufs directory (CVE-2016-7118;
+ regression in 3.2.81-1)
-- Ben Hutchings <ben at decadent.org.uk> Fri, 17 Jun 2016 23:35:41 +0100
diff --git a/debian/patches/debian/fs-fix-abi-change-for-aufs-f_setfl-fix.patch b/debian/patches/debian/fs-fix-abi-change-for-aufs-f_setfl-fix.patch
index c35f7d9..ed13cae 100644
--- a/debian/patches/debian/fs-fix-abi-change-for-aufs-f_setfl-fix.patch
+++ b/debian/patches/debian/fs-fix-abi-change-for-aufs-f_setfl-fix.patch
@@ -19,7 +19,7 @@ version of the module that implements the file_operations.
---
--- a/fs/fcntl.c
+++ b/fs/fcntl.c
-@@ -175,8 +175,20 @@ int setfl(int fd, struct file * filp, un
+@@ -175,8 +175,21 @@ int setfl(int fd, struct file * filp, un
if (filp->f_op && filp->f_op->check_flags)
error = filp->f_op->check_flags(arg);
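Review bot: the only change in this hunk is the embedded hunk header's new-side line count moving from 20 to 21, which matches the single `++` line added in the next hunk; because this file is a patch carrying its own `@@` headers, that count must stay in sync with the body or quilt/git apply will reject it, so the change is correct. A sentence in the patch description (above the `---`) saying that the NULL check on the `setfl` pointer was restored would help whoever reads this patch later.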
@@ -34,7 +34,8 @@ version of the module that implements the file_operations.
+#ifdef CONFIG_AUFS_FS_MODULE
+ if (!error && filp->f_op->owner &&
+ !strcmp(filp->f_op->owner->name, "aufs") &&
-+ strstr(filp->f_op->owner->version, "+setfl"))
++ strstr(filp->f_op->owner->version, "+setfl") &&
++ filp->f_op->setfl)
error = filp->f_op->setfl(filp, arg);
+#endif
+
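Review bot: the added `filp->f_op->setfl` test restores the NULL check on the function pointer, but the condition still dereferences `filp->f_op` itself unguarded: the existing context line just above tests `filp->f_op && filp->f_op->check_flags`, so the surrounding code treats `f_op` as possibly NULL, and with `error` still zero the new block would then dereference a NULL `f_op` through `filp->f_op->owner`. Suggest opening the condition the same way as the check_flags test, i.e. `if (!error && filp->f_op && filp->f_op->owner &&`. It is also worth confirming that `owner->version` is never NULL for the matched module, since `strstr()` would fault on a NULL haystack.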
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/kernel/linux.git