Author: dannf
Date: Mon Aug 14 05:20:32 2006
New Revision: 7154

Added:
   dists/sid/linux-2.6.16/debian/patches/fs-ext3-bad-nfs-handle.patch
   dists/sid/linux-2.6.16/debian/patches/series/18
Modified:
   dists/sid/linux-2.6.16/debian/changelog

Log:
* fs-ext3-bad-nfs-handle.patch: avoid triggering ext3_error on bad NFS
  file handle (CVE-2006-3468)

Modified: dists/sid/linux-2.6.16/debian/changelog
==============================================================================
--- dists/sid/linux-2.6.16/debian/changelog     (original)
+++ dists/sid/linux-2.6.16/debian/changelog     Mon Aug 14 05:20:32 2006
@@ -1,9 +1,14 @@
 linux-2.6.16 (2.6.16-18) UNRELEASED; urgency=low
 
+  [ Sven Luther ]
   * [powerpc] Added console=hvsi0 too to CMDLINE to the powerpc64 flavour,
     for non-virtualized IBM power machines serial console.
 
- -- Sven Luther <[EMAIL PROTECTED]>  Wed,  9 Aug 2006 20:34:19 +0200
+  [ dann frazier ]
+  * fs-ext3-bad-nfs-handle.patch: avoid triggering ext3_error on bad NFS
+    file handle (CVE-2006-3468)
+
+ -- dann frazier <[EMAIL PROTECTED]>  Sun, 13 Aug 2006 23:11:56 -0600
 
 linux-2.6.16 (2.6.16-17) unstable; urgency=high
 

Added: dists/sid/linux-2.6.16/debian/patches/fs-ext3-bad-nfs-handle.patch
==============================================================================
--- (empty file)
+++ dists/sid/linux-2.6.16/debian/patches/fs-ext3-bad-nfs-handle.patch  Mon Aug 
14 05:20:32 2006
@@ -0,0 +1,78 @@
+diff -urN linux-2.6.16.27.orig/fs/ext3/inode.c linux-2.6.16.27/fs/ext3/inode.c
+--- linux-2.6.16.27.orig/fs/ext3/inode.c       2006-07-17 07:58:58.000000000 
-0600
++++ linux-2.6.16.27/fs/ext3/inode.c    2006-08-13 22:57:14.000000000 -0600
+@@ -2259,16 +2259,15 @@
+       struct ext3_group_desc * gdp;
+ 
+ 
+-      if ((ino != EXT3_ROOT_INO &&
+-              ino != EXT3_JOURNAL_INO &&
+-              ino != EXT3_RESIZE_INO &&
+-              ino < EXT3_FIRST_INO(sb)) ||
+-              ino > le32_to_cpu(
+-                      EXT3_SB(sb)->s_es->s_inodes_count)) {
+-              ext3_error (sb, "ext3_get_inode_block",
+-                          "bad inode number: %lu", ino);
++      if (!ext3_valid_inum(sb, ino)) {
++              /*
++               * This error is already checked for in namei.c unless we are
++               * looking at an NFS filehandle, in which case no error
++               * report is needed
++               */
+               return 0;
+       }
++
+       block_group = (ino - 1) / EXT3_INODES_PER_GROUP(sb);
+       if (block_group >= EXT3_SB(sb)->s_groups_count) {
+               ext3_error (sb, "ext3_get_inode_block",
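Review bot: The comment added above `return 0` should say what the zero return means to callers and why no error is reported, because after this change an out-of-range `ino` leaves no trace in the log. The reason for dropping `ext3_error()` appears to be that `ino` can come from a client-supplied NFS file handle, and `ext3_error()` acts on the mount's `errors=` policy (remount read-only or panic), so a bad handle could take the filesystem out of service. I would word it as `/* ino may come from an NFS file handle; do not call ext3_error() here. Returning 0 tells the caller the inode cannot be located. */`. The claim that namei.c already checks covers only the two call sites this patch touches, so any other path that reaches here with an on-disk inode number (not visible in this hunk) now fails silently and is worth auditing. The enclosing function starts and ends outside the hunk.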
+diff -urN linux-2.6.16.27.orig/fs/ext3/namei.c linux-2.6.16.27/fs/ext3/namei.c
+--- linux-2.6.16.27.orig/fs/ext3/namei.c       2006-07-17 07:58:58.000000000 
-0600
++++ linux-2.6.16.27/fs/ext3/namei.c    2006-08-13 22:57:14.000000000 -0600
+@@ -1000,7 +1000,12 @@
+       if (bh) {
+               unsigned long ino = le32_to_cpu(de->inode);
+               brelse (bh);
+-              inode = iget(dir->i_sb, ino);
++              if (!ext3_valid_inum(dir->i_sb, ino)) {
++                      ext3_error(dir->i_sb, "ext3_lookup",
++                                 "bad inode number: %lu", ino);
++                      inode = NULL;
++              } else
++                      inode = iget(dir->i_sb, ino);
+ 
+               if (!inode)
+                       return ERR_PTR(-EACCES);
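Review bot: A directory entry carrying an out-of-range inode number is on-disk corruption, yet the new branch sets `inode = NULL` and falls through to `return ERR_PTR(-EACCES);`, so user space sees a permission failure. I would return from the error branch directly, `return ERR_PTR(-EIO);` after the `ext3_error()` call, which reports the condition accurately and removes the brace-less `else` next to a braced `if`. The same applies to the `ext3_get_parent` hunk that follows. Both functions begin and end outside their hunks.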
+@@ -1028,7 +1033,13 @@
+               return ERR_PTR(-ENOENT);
+       ino = le32_to_cpu(de->inode);
+       brelse(bh);
+-      inode = iget(child->d_inode->i_sb, ino);
++
++      if (!ext3_valid_inum(child->d_inode->i_sb, ino)) {
++              ext3_error(child->d_inode->i_sb, "ext3_get_parent",
++                         "bad inode number: %lu", ino);
++              inode = NULL;
++      } else
++              inode = iget(child->d_inode->i_sb, ino);
+ 
+       if (!inode)
+               return ERR_PTR(-EACCES);
+diff -urN linux-2.6.16.27.orig/include/linux/ext3_fs.h 
linux-2.6.16.27/include/linux/ext3_fs.h
+--- linux-2.6.16.27.orig/include/linux/ext3_fs.h       2006-07-17 
07:58:58.000000000 -0600
++++ linux-2.6.16.27/include/linux/ext3_fs.h    2006-08-13 22:57:14.000000000 
-0600
+@@ -494,6 +494,15 @@
+ {
+       return container_of(inode, struct ext3_inode_info, vfs_inode);
+ }
++
++static inline int ext3_valid_inum(struct super_block *sb, unsigned long ino)
++{
++      return ino == EXT3_ROOT_INO ||
++              ino == EXT3_JOURNAL_INO ||
++              ino == EXT3_RESIZE_INO ||
++              (ino >= EXT3_FIRST_INO(sb) &&
++               ino <= le32_to_cpu(EXT3_SB(sb)->s_es->s_inodes_count));
++}
+ #else
+ /* Assume that user mode programs are passing in an ext3fs superblock, not
+  * a kernel struct super_block.  This will allow us to call the feature-test
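Review bot: `ext3_valid_inum()` has no comment, and its contract is narrower than the name suggests. It checks only that `ino` is the root, journal or resize inode or lies between `EXT3_FIRST_INO(sb)` and the superblock's `s_inodes_count`, not that the inode is allocated or that the caller should be handed it. A header comment such as `/* Nonzero if ino is root, journal, resize, or in [EXT3_FIRST_INO, s_inodes_count]; says nothing about allocation. */` would make that explicit. Because the journal and resize numbers pass, any path that takes `ino` from outside the filesystem (the NFS case the changelog names) presumably needs its own stricter check; that path is not in this patch.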

Added: dists/sid/linux-2.6.16/debian/patches/series/18
==============================================================================
--- (empty file)
+++ dists/sid/linux-2.6.16/debian/patches/series/18     Mon Aug 14 05:20:32 2006
@@ -0,0 +1 @@
++ fs-ext3-bad-nfs-handle.patch
