[kernel] r18001 - in dists/squeeze-security/linux-2.6/debian: . patches/bugfix/all patches/series
Dann Frazier
dannf at alioth.debian.org
Thu Aug 25 03:07:07 UTC 2011
Author: dannf
Date: Thu Aug 25 03:07:06 2011
New Revision: 18001
Log:
befs: Validate length of long symbolic links (CVE-2011-2928)
Added:
dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/befs-validate-length-of-long-symbolic-links.patch
Modified:
dists/squeeze-security/linux-2.6/debian/changelog
dists/squeeze-security/linux-2.6/debian/patches/series/35squeeze1
Modified: dists/squeeze-security/linux-2.6/debian/changelog
==============================================================================
--- dists/squeeze-security/linux-2.6/debian/changelog Thu Aug 25 02:44:30 2011 (r18000)
+++ dists/squeeze-security/linux-2.6/debian/changelog Thu Aug 25 03:07:06 2011 (r18001)
@@ -15,6 +15,7 @@
* comedi: fix infoleak to userspace (CVE-2011-2909)
* restrict access to /proc/pid/* after setuid exec (CVE-2011-1020)
* cifs: fix possible memory corruption in CIFSFindNext (CVE-2011-3191)
+ * befs: Validate length of long symbolic links (CVE-2011-2928)
[ Moritz Muehlenhoff ]
* si4713-i2c: avoid potential buffer overflow on si4713 (CVE-2011-2700)
Added: dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/befs-validate-length-of-long-symbolic-links.patch
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ dists/squeeze-security/linux-2.6/debian/patches/bugfix/all/befs-validate-length-of-long-symbolic-links.patch Thu Aug 25 03:07:06 2011 (r18001)
@@ -0,0 +1,45 @@
+commit 338d0f0a6fbc82407864606f5b64b75aeb3c70f2
+Author: Timo Warns <Warns at pre-sense.de>
+Date: Wed Aug 17 17:59:56 2011 +0200
+
+ befs: Validate length of long symbolic links.
+
+ Signed-off-by: Timo Warns <warns at pre-sense.de>
+ Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>
+
+diff --git a/fs/befs/linuxvfs.c b/fs/befs/linuxvfs.c
+index 54b8c28..720d885 100644
+--- a/fs/befs/linuxvfs.c
++++ b/fs/befs/linuxvfs.c
+@@ -474,17 +474,22 @@ befs_follow_link(struct dentry *dentry, struct nameidata *nd)
+ befs_data_stream *data = &befs_ino->i_data.ds;
+ befs_off_t len = data->size;
+
+- befs_debug(sb, "Follow long symlink");
+-
+- link = kmalloc(len, GFP_NOFS);
+- if (!link) {
+- link = ERR_PTR(-ENOMEM);
+- } else if (befs_read_lsymlink(sb, data, link, len) != len) {
+- kfree(link);
+- befs_error(sb, "Failed to read entire long symlink");
++ if (len == 0) {
++ befs_error(sb, "Long symlink with illegal length");
+ link = ERR_PTR(-EIO);
+ } else {
+- link[len - 1] = '\0';
++ befs_debug(sb, "Follow long symlink");
++
++ link = kmalloc(len, GFP_NOFS);
++ if (!link) {
++ link = ERR_PTR(-ENOMEM);
++ } else if (befs_read_lsymlink(sb, data, link, len) != len) {
++ kfree(link);
++ befs_error(sb, "Failed to read entire long symlink");
++ link = ERR_PTR(-EIO);
++ } else {
++ link[len - 1] = '\0';
++ }
+ }
+ } else {
+ link = befs_ino->i_data.symlink;
Modified: dists/squeeze-security/linux-2.6/debian/patches/series/35squeeze1
==============================================================================
--- dists/squeeze-security/linux-2.6/debian/patches/series/35squeeze1 Thu Aug 25 02:44:30 2011 (r18000)
+++ dists/squeeze-security/linux-2.6/debian/patches/series/35squeeze1 Thu Aug 25 03:07:06 2011 (r18001)
@@ -22,3 +22,4 @@
+ bugfix/all/auxv-require-the-target-or-self-to-be-traceable.patch
+ bugfix/all/proc-syscall-stack-personality-races.patch
+ bugfix/all/cifs-fix-possible-memory-corruption-in-CIFSFindNext.patch
++ bugfix/all/befs-validate-length-of-long-symbolic-links.patch
More information about the Kernel-svn-changes
mailing list