FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Ubuntu > Ubuntu Kernel Team

 
 
LinkBack Thread Tools
 
Old 10-29-2010, 02:10 PM
Jens Axboe
 
Default block: check for proper length of iov entries in blk_rq_map_user_iov(), CVE-2010-4163

BugLink: http://bugs.launchpad.net/bugs/721504

CVE-2010-4163

Ensure that we pass down properly validated iov segments before
calling into the mapping or copy functions.

Reported-by: Dan Rosenberg <drosenberg@vsecurity.com>
Cc: stable@kernel.org
Signed-off-by: Jens Axboe <jaxboe@fusionio.com>
(cherry picked from commit 9284bcf4e335e5f18a8bc7b26461c33ab60d0689)

Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
---
block/blk-map.c | 2 ++
1 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/block/blk-map.c b/block/blk-map.c
index 9083cf0..30a7e51 100644
--- a/block/blk-map.c
+++ b/block/blk-map.c
@@ -205,6 +205,8 @@ int blk_rq_map_user_iov(struct request_queue *q, struct request *rq,
unaligned = 1;
break;
}
+ if (!iov[i].iov_len)
+ return -EINVAL;
}

if (unaligned || (q->dma_pad_mask & len) || map_data)
--
1.7.0.4
 

Thread Tools




All times are GMT. The time now is 06:44 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org