[kernel] r6640 - in dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian: patches patches/series

Dann Frazier dannf at costa.debian.org
Sat May 20 07:28:54 UTC 2006


Author: dannf
Date: Sat May 20 07:28:49 2006
New Revision: 6640

Added:
   dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/s390-strnlen_user-return.dpatch
Modified:
   dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
   dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge3

Log:
* s390-strnlen_user-return.dpatch
  [SECURITY][s390] Fix local DoS on s390 that may result from strnlen_user
  returning a value that is too large
  See CVE-2006-0456

Modified: dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog
==============================================================================
--- dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog	(original)
+++ dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/changelog	Sat May 20 07:28:49 2006
@@ -77,8 +77,12 @@
     netfilter that allows local users with CAP_NET_ADMIN capabilities to
     read kernel memory
     See CVE-2006-0039
+  * s390-strnlen_user-return.dpatch
+    [SECURITY][s390] Fix local DoS on s390 that may result from strnlen_user
+    returning a value that is too large
+    See CVE-2006-0456
 
- -- dann frazier <dannf at debian.org>  Sat, 20 May 2006 02:15:22 -0500
+ -- dann frazier <dannf at debian.org>  Sat, 20 May 2006 02:25:23 -0500
 
 kernel-source-2.6.8 (2.6.8-16sarge2) stable-security; urgency=high
 

Added: dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/s390-strnlen_user-return.dpatch
==============================================================================
--- (empty file)
+++ dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/s390-strnlen_user-return.dpatch	Sat May 20 07:28:49 2006
@@ -0,0 +1,55 @@
+From: Gerald Schaefer <geraldsc at de.ibm.com>
+Date: Wed, 8 Mar 2006 05:55:37 +0000 (-0800)
+Subject: [PATCH] s390: fix strnlen_user return value
+X-Git-Tag: v2.6.16-rc6
+X-Git-Url: http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=331c46591414f7f92b1cec048009abe89892ee79
+
+[PATCH] s390: fix strnlen_user return value
+
+strnlen_user is supposed to return then length count + 1 if no terminating \0
+is found, and it should return 0 on exception.  Found by David Howells
+<dhowells at redhat.com>.
+
+Signed-off-by: Gerald Schaefer <geraldsc at de.ibm.com>
+Signed-off-by: Heiko Carstens <heiko.carstens at de.ibm.com>
+Acked-By: David Howells <dhowells at redhat.com>
+Signed-off-by: Andrew Morton <akpm at osdl.org>
+Signed-off-by: Linus Torvalds <torvalds at osdl.org>
+---
+
+--- a/arch/s390/lib/uaccess.S
++++ b/arch/s390/lib/uaccess.S
+@@ -198,12 +198,12 @@ __strnlen_user_asm:
+ 0:	srst	%r2,%r1
+ 	jo	0b
+ 	sacf	0
+-	jh	1f		# \0 found in string ?
+ 	ahi	%r2,1		# strnlen_user result includes the \0
+-1:	slr	%r2,%r3
++				# or return count+1 if \0 not found
++	slr	%r2,%r3
+ 	br	%r14
+ 2:	sacf	0
+-	lhi	%r2,-EFAULT
++	slr	%r2,%r2		# return 0 on exception
+ 	br	%r14
+ 	.section __ex_table,"a"
+ 	.long	0b,2b
+--- a/arch/s390/lib/uaccess64.S
++++ b/arch/s390/lib/uaccess64.S
+@@ -194,12 +194,12 @@ __strnlen_user_asm:
+ 0:	srst	%r2,%r1
+ 	jo	0b
+ 	sacf	0
+-	jh	1f		# \0 found in string ?
+ 	aghi	%r2,1		# strnlen_user result includes the \0
+-1:	slgr	%r2,%r3
++				# or return count+1 if \0 not found
++	slgr	%r2,%r3
+ 	br	%r14
+ 2:	sacf	0
+-	lghi	%r2,-EFAULT
++	slgr	%r2,%r2		# return 0 on exception
+ 	br	%r14
+ 	.section __ex_table,"a"
+ 	.quad	0b,2b
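Review bot: The changed return contract of `__strnlen_user_asm` is documented only by the two inline comments in the uaccess.S hunk and its twin in uaccess64.S; nothing at the label says that a fault now yields 0 instead of `-EFAULT`, or that an unterminated string yields count+1. A header comment above the label, such as `# returns strlen+1 (incl. \0), count+1 if no \0 within count, 0 on fault`, would state what callers must test to reject unreadable or oversized user strings. The embedded patch is tagged v2.6.16-rc6, and the start of the function and all of its callers lie outside the hunk, so it is worth confirming that no caller in the 2.6.8 tree still checks for a negative result or accepts a result equal to count as in-bounds. A short note next to `ahi`/`aghi` would also help, explaining that the increment is now unconditional because, presumably, `srst` leaves `%r2` at the end address when no \0 is found.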

Modified: dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge3
==============================================================================
--- dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge3	(original)
+++ dists/sarge-security/kernel/source/kernel-source-2.6.8-2.6.8/debian/patches/series/2.6.8-16sarge3	Sat May 20 07:28:49 2006
@@ -21,3 +21,4 @@
 + amd64-fp-reg-leak-dep3.dpatch
 + amd64-fp-reg-leak.dpatch
 + do_add_counters-race.dpatch
++ s390-strnlen_user-return.dpatch


