[linux] 01/01: fs: Fix oops when fcntl() is called on an aufs directory
debian-kernel at lists.debian.org
Fri Sep 2 20:11:49 UTC 2016
This is an automated email from the git hooks/post-receive script.
benh pushed a commit to branch jessie-security
in repository linux.
commit 5a092f0ef9f759d382d11770a980b34e375a71b1
Author: Ben Hutchings <ben at decadent.org.uk>
Date: Wed Aug 31 02:43:16 2016 +0100
fs: Fix oops when fcntl() is called on an aufs directory
CVE-2016-7118; regression in 3.16.36-1.
In modifying the check for the setfl operation to be safe with old
modules that have a smaller file_operations structure, I mistakenly
dropped the check that the operation pointer is non-null. The
modified check rejects file_operations in any module other than the
rebuilt aufs, but it is still necessary to check the pointer because
for aufs directories it is NULL.
---
debian/changelog | 2 ++
debian/patches/debian/fs-fix-abi-change-for-aufs-f_setfl-fix.patch | 5 +++--
2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/debian/changelog b/debian/changelog
index 73470e1..433e7fb 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -3,6 +3,8 @@ linux (3.16.36-1+deb8u1) UNRELEASED; urgency=medium
[ Ben Hutchings ]
* tcp: make challenge acks less predictable (CVE-2016-5696)
* audit: fix a double fetch in audit_log_single_execve_arg() (CVE-2016-6136)
+ * fs: Fix oops when fcntl() is called on an aufs directory (CVE-2016-7118;
+ regression in 3.16.36-1)
[ Salvatore Bonaccorso ]
* tcp: fix use after free in tcp_xmit_retransmit_queue() (CVE-2016-6828)
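Review bot: The changelog entry says "regression in 3.16.36-1" but does not say where the regression came from; since the second file in this commit is debian/patches/debian/fs-fix-abi-change-for-aufs-f_setfl-fix.patch, the bug was introduced by the Debian-specific ABI-compatibility patch rather than by an upstream change, and saying so (e.g. "regression in 3.16.36-1 from the aufs setfl ABI fix") would tell readers that upstream 3.16.y kernels without that patch are not affected.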
diff --git a/debian/patches/debian/fs-fix-abi-change-for-aufs-f_setfl-fix.patch b/debian/patches/debian/fs-fix-abi-change-for-aufs-f_setfl-fix.patch
index ec7003f..0627206 100644
--- a/debian/patches/debian/fs-fix-abi-change-for-aufs-f_setfl-fix.patch
+++ b/debian/patches/debian/fs-fix-abi-change-for-aufs-f_setfl-fix.patch
@@ -19,7 +19,7 @@ version of the module that implements the file_operations.
---
--- a/fs/fcntl.c
+++ b/fs/fcntl.c
-@@ -59,8 +59,20 @@ int setfl(int fd, struct file * filp, un
+@@ -59,8 +59,21 @@ int setfl(int fd, struct file * filp, un
if (filp->f_op->check_flags)
error = filp->f_op->check_flags(arg);
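Review bot: The only change here is the embedded hunk header moving from `+@@ -59,8 +59,20 @@` to `+@@ -59,8 +59,21 @@`, which is required and consistent with the one line added later in this patch (the old-side count stays at 8 because no original fs/fcntl.c lines are touched); if it had not been updated, quilt would reject the patch as malformed. What is missing is a matching update to the patch's own description above this hunk ("version of the module that implements the file_operations."): it should also state that the rebuilt aufs module leaves `setfl` NULL for directories, so that the reason for the extra pointer check survives in the patch header rather than only in this commit message.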
@@ -34,7 +34,8 @@ version of the module that implements the file_operations.
+#ifdef CONFIG_AUFS_FS_MODULE
+ if (!error && filp->f_op->owner &&
+ !strcmp(filp->f_op->owner->name, "aufs") &&
-+ strstr(filp->f_op->owner->version, "+setfl"))
++ strstr(filp->f_op->owner->version, "+setfl") &&
++ filp->f_op->setfl)
error = filp->f_op->setfl(filp, arg);
+#endif
+
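Review bot: The new `filp->f_op->setfl` test is correctly placed as the last operand of the `&&` chain, after the owner-name and `"+setfl"` version checks; with short-circuit evaluation the `setfl` field is only read once it is known that the file_operations comes from the rebuilt aufs module whose structure is large enough to contain it, whereas testing the pointer first would itself be the out-of-range read of a smaller, older file_operations that the original patch exists to prevent. When `setfl` is NULL (aufs directories, per the commit message) the chain now falls through with `error` unchanged, which is the intended no-op rather than the NULL function-pointer dereference reported as CVE-2016-7118. Worth confirming in review that the trailing `&&` on the `strstr(...)` line and the new line are both inside the `#ifdef CONFIG_AUFS_FS_MODULE` block, as the context shows, so non-aufs builds are unaffected.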
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/kernel/linux.git