Author: dannf
Date: Thu Aug 17 03:07:14 2006
New Revision: 7174
Added:
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/nfs-handle-long-symlinks.dpatch
Modified:
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge5
Log:
* nfs-handle-long-symlinks.dpatch
[SECURITY] Fix buffer overflow in NFS readline handling that allows a
remote server to cause a denial of service (crash) via a long symlink
See CVE-2005-4798
Modified:
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
==============================================================================
---
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
(original)
+++
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
Thu Aug 17 03:07:14 2006
@@ -9,8 +9,12 @@
* direct-io-write-mem-leak.dpatch
[SECURITY] Fix memory leak in O_DIRECT write.
See CVE-2004-2660
+ * nfs-handle-long-symlinks.dpatch
+ [SECURITY] Fix buffer overflow in NFS readline handling that allows a
+ remote server to cause a denial of service (crash) via a long symlink
+ See CVE-2005-4798
- -- dann frazier <[EMAIL PROTECTED]> Wed, 16 Aug 2006 14:00:11 -0600
+ -- dann frazier <[EMAIL PROTECTED]> Wed, 16 Aug 2006 20:24:10 -0600
kernel-source-2.6.8 (2.6.8-16sarge4) stable-security; urgency=high
Added:
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/nfs-handle-long-symlinks.dpatch
==============================================================================
--- (empty file)
+++
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/nfs-handle-long-symlinks.dpatch
Thu Aug 17 03:07:14 2006
@@ -0,0 +1,24 @@
+diff -urpN kernel-source-2.6.8.orig/fs/nfs/nfs2xdr.c
kernel-source-2.6.8/fs/nfs/nfs2xdr.c
+--- kernel-source-2.6.8.orig/fs/nfs/nfs2xdr.c 2004-08-13 23:36:56.000000000
-0600
++++ kernel-source-2.6.8/fs/nfs/nfs2xdr.c 2006-08-16 20:21:08.934617717
-0600
+@@ -547,7 +547,7 @@ nfs_xdr_readlinkres(struct rpc_rqst *req
+ strlen = (u32*)kmap_atomic(rcvbuf->pages[0], KM_USER0);
+ /* Convert length of symlink */
+ len = ntohl(*strlen);
+- if (len > rcvbuf->page_len) {
++ if (len >= rcvbuf->page_len - sizeof(u32) || len > NFS2_MAXPATHLEN) {
+ dprintk(KERN_WARNING "nfs: server returned giant symlink!\n");
+ kunmap_atomic(strlen, KM_USER0);
+ return -ENAMETOOLONG;
+diff -urpN kernel-source-2.6.8.orig/fs/nfs/nfs3xdr.c
kernel-source-2.6.8/fs/nfs/nfs3xdr.c
+--- kernel-source-2.6.8.orig/fs/nfs/nfs3xdr.c 2004-08-13 23:38:10.000000000
-0600
++++ kernel-source-2.6.8/fs/nfs/nfs3xdr.c 2006-08-16 20:21:51.351645815
-0600
+@@ -742,7 +742,7 @@ nfs3_xdr_readlinkres(struct rpc_rqst *re
+ strlen = (u32*)kmap_atomic(rcvbuf->pages[0], KM_USER0);
+ /* Convert length of symlink */
+ len = ntohl(*strlen);
+- if (len > rcvbuf->page_len) {
++ if (len >= rcvbuf->page_len - sizeof(u32)) {
+ dprintk(KERN_WARNING "nfs: server returned giant symlink!\n");
+ kunmap_atomic(strlen, KM_USER0);
+ return -ENAMETOOLONG;
Modified:
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge5
==============================================================================
---
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge5
(original)
+++
dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge5
Thu Aug 17 03:07:14 2006
@@ -1,2 +1,3 @@
+ fs-ext3-bad-nfs-handle.dpatch
+ direct-io-write-mem-leak.dpatch
++ nfs-handle-long-symlinks.dpatch
_______________________________________________
Kernel-svn-changes mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/kernel-svn-changes
