[kernel] r10466 - in dists/etch-security/linux-2.6/debian: . patches/bugfix patches/series

Sun, 10 Feb 2008 06:25:30 -0800 

Author: waldi
Date: Sun Feb 10 14:24:44 2008
New Revision: 10466

Log:
[SECURITY] Fix missing access check in vmsplice.

* debian/changelog: Update.
* debian/patches/bugfix/vmsplice-security.patch: Add.
* debian/patches/series/17etch2: Add new patch.


Added:
   dists/etch-security/linux-2.6/debian/patches/bugfix/vmsplice-security.patch
   dists/etch-security/linux-2.6/debian/patches/series/17etch2
Modified:
   dists/etch-security/linux-2.6/debian/changelog

Modified: dists/etch-security/linux-2.6/debian/changelog
==============================================================================
--- dists/etch-security/linux-2.6/debian/changelog      (original)
+++ dists/etch-security/linux-2.6/debian/changelog      Sun Feb 10 14:24:44 2008
@@ -1,3 +1,11 @@
+linux-2.6 (2.6.18.dfsg.1-17etch2) UNRELEASED; urgency=low
+
+  * bugfix/vmsplice-security.patch
+    [SECURITY] Fix missing access check in vmsplice.
+    See CVE-2008-0009
+
+ -- Bastian Blank <[EMAIL PROTECTED]>  Sun, 10 Feb 2008 11:45:36 +0100
+
 linux-2.6 (2.6.18.dfsg.1-17etch1) stable-security; urgency=high
 
   * bugfix/i4l-isdn_ioctl-mem-overrun.patch

Added: 
dists/etch-security/linux-2.6/debian/patches/bugfix/vmsplice-security.patch
==============================================================================
--- (empty file)
+++ dists/etch-security/linux-2.6/debian/patches/bugfix/vmsplice-security.patch 
Sun Feb 10 14:24:44 2008
@@ -0,0 +1,28 @@
+diff --git a/fs/splice.c b/fs/splice.c
+index 684bca3..2d7e598 100644
+--- a/fs/splice.c
++++ b/fs/splice.c
+@@ -1122,6 +1122,11 @@ static int get_iovec_page_array(const struct iovec 
__user *iov,
+               size_t len;
+               int i;
+ 
++              if (!access_ok(VERIFY_READ, iov, sizeof(struct iovec))) {
++                      error = -EFAULT;
++                      break;
++              }
++
+               /*
+                * Get user address base and length for this iovec.
+                */
+@@ -1141,6 +1146,11 @@ static int get_iovec_page_array(const struct iovec 
__user *iov,
+               if (unlikely(!base))
+                       break;
+ 
++              if (!access_ok(VERIFY_READ, base, len)) {
++                      error = -EFAULT;
++                      break;
++              }
++
+               /*
+                * Get this base offset and number of pages, then map
+                * in the user pages.

Added: dists/etch-security/linux-2.6/debian/patches/series/17etch2
==============================================================================
--- (empty file)
+++ dists/etch-security/linux-2.6/debian/patches/series/17etch2 Sun Feb 10 
14:24:44 2008
@@ -0,0 +1 @@
++ bugfix/vmsplice-security.patch

_______________________________________________
Kernel-svn-changes mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/kernel-svn-changes

Reply via email to