[kernel] r6640 - in dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian: patches patches/series

[Dann Frazier]

Author: dannf
Date: Sat May 20 07:28:49 2006
New Revision: 6640

Added:
   
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/s390-strnlen_user-return.dpatch
Modified:
   dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
   
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge3

Log:
* s390-strnlen_user-return.dpatch
  [SECURITY][s390] Fix local DoS on s390 that may result from strnlen_user
  returning a value that is too large
  See CVE-2006-0456

Modified: 
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
==============================================================================
--- 
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog   
    (original)
+++ 
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog   
    Sat May 20 07:28:49 2006
@@ -77,8 +77,12 @@
     netfilter that allows local users with CAP_NET_ADMIN capabilities to
     read kernel memory
     See CVE-2006-0039
+  * s390-strnlen_user-return.dpatch
+    [SECURITY][s390] Fix local DoS on s390 that may result from strnlen_user
+    returning a value that is too large
+    See CVE-2006-0456
 
- -- dann frazier <[EMAIL PROTECTED]>  Sat, 20 May 2006 02:15:22 -0500
+ -- dann frazier <[EMAIL PROTECTED]>  Sat, 20 May 2006 02:25:23 -0500
 
 kernel-source-2.6.8 (2.6.8-16sarge2) stable-security; urgency=high
 

Added: 
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/s390-strnlen_user-return.dpatch
==============================================================================
--- (empty file)
+++ 
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/s390-strnlen_user-return.dpatch
 Sat May 20 07:28:49 2006
@@ -0,0 +1,55 @@
+From: Gerald Schaefer <[EMAIL PROTECTED]>
+Date: Wed, 8 Mar 2006 05:55:37 +0000 (-0800)
+Subject: [PATCH] s390: fix strnlen_user return value
+X-Git-Tag: v2.6.16-rc6
+X-Git-Url: 
http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=331c46591414f7f92b1cec048009abe89892ee79
+
+[PATCH] s390: fix strnlen_user return value
+
+strnlen_user is supposed to return then length count + 1 if no terminating \0
+is found, and it should return 0 on exception.  Found by David Howells
+<[EMAIL PROTECTED]>.
+
+Signed-off-by: Gerald Schaefer <[EMAIL PROTECTED]>
+Signed-off-by: Heiko Carstens <[EMAIL PROTECTED]>
+Acked-By: David Howells <[EMAIL PROTECTED]>
+Signed-off-by: Andrew Morton <[EMAIL PROTECTED]>
+Signed-off-by: Linus Torvalds <[EMAIL PROTECTED]>
+---
+
+--- a/arch/s390/lib/uaccess.S
++++ b/arch/s390/lib/uaccess.S
+@@ -198,12 +198,12 @@ __strnlen_user_asm:
+ 0:    srst    %r2,%r1
+       jo      0b
+       sacf    0
+-      jh      1f              # \0 found in string ?
+       ahi     %r2,1           # strnlen_user result includes the \0
+-1:    slr     %r2,%r3
++                              # or return count+1 if \0 not found
++      slr     %r2,%r3
+       br      %r14
+ 2:    sacf    0
+-      lhi     %r2,-EFAULT
++      slr     %r2,%r2         # return 0 on exception
+       br      %r14
+       .section __ex_table,"a"
+       .long   0b,2b
+--- a/arch/s390/lib/uaccess64.S
++++ b/arch/s390/lib/uaccess64.S
+@@ -194,12 +194,12 @@ __strnlen_user_asm:
+ 0:    srst    %r2,%r1
+       jo      0b
+       sacf    0
+-      jh      1f              # \0 found in string ?
+       aghi    %r2,1           # strnlen_user result includes the \0
+-1:    slgr    %r2,%r3
++                              # or return count+1 if \0 not found
++      slgr    %r2,%r3
+       br      %r14
+ 2:    sacf    0
+-      lghi    %r2,-EFAULT
++      slgr    %r2,%r2         # return 0 on exception
+       br      %r14
+       .section __ex_table,"a"
+       .quad   0b,2b

Modified: 
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge3
==============================================================================
--- 
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge3
   (original)
+++ 
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge3
   Sat May 20 07:28:49 2006
@@ -21,3 +21,4 @@
 + amd64-fp-reg-leak-dep3.dpatch
 + amd64-fp-reg-leak.dpatch
 + do_add_counters-race.dpatch
++ s390-strnlen_user-return.dpatch

_______________________________________________
Kernel-svn-changes mailing list
Kernel-svn-changes@lists.alioth.debian.org
http://lists.alioth.debian.org/mailman/listinfo/kernel-svn-changes