02-21-2011, 07:27 AM
Stefan Bader

Karmic CVE-2010-4163: block: check for proper length of iov entries earlier in blk_rq_map_user_iov()

Acked-by: Stefan Bader <stefan.bader@canonical.com>

On 02/18/2011 10:02 PM, Tim Gardner wrote:
> The following changes since commit 41866a96c222c7d5d3da3abffb166ff3b80e1f3b:
> Steve Conklin (1):
> UBUNTU: Ubuntu-2.6.31-22.73
>
> are available in the git repository at:
>
> git://kernel.ubuntu.com/rtg/ubuntu-karmic.git CVE-2010-4163
>
> Jens Axboe (1):
> block: check for proper length of iov entries in blk_rq_map_user_iov(), CVE-2010-4163
>
> Xiaotian Feng (1):
> block: check for proper length of iov entries earlier in blk_rq_map_user_iov(), CVE-2010-4163
>
> block/blk-map.c | 3 +++
> 1 files changed, 3 insertions(+), 0 deletions(-)
>
> From 341514d149fbeca645542fb13b2b2bb10ef5274e Mon Sep 17 00:00:00 2001
> From: Jens Axboe <jaxboe@fusionio.com>
> Date: Fri, 29 Oct 2010 08:10:18 -0600
> Subject: [PATCH 1/2] block: check for proper length of iov entries in blk_rq_map_user_iov(), CVE-2010-4163
>
> BugLink: http://bugs.launchpad.net/bugs/721504
>
> CVE-2010-4163
>
> Ensure that we pass down properly validated iov segments before
> calling into the mapping or copy functions.
>
> Reported-by: Dan Rosenberg <drosenberg@vsecurity.com>
> Cc: stable@kernel.org
> Signed-off-by: Jens Axboe <jaxboe@fusionio.com>
> (cherry picked from commit 9284bcf4e335e5f18a8bc7b26461c33ab60d0689)
>
> Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
> ---
> block/blk-map.c | 2 ++
> 1 files changed, 2 insertions(+), 0 deletions(-)
>
> diff --git a/block/blk-map.c b/block/blk-map.c
> index 9083cf0..30a7e51 100644
> --- a/block/blk-map.c
> +++ b/block/blk-map.c
> @@ -205,6 +205,8 @@ int blk_rq_map_user_iov(struct request_queue *q, struct request *rq,
> unaligned = 1;
> break;
> }
> + if (!iov[i].iov_len)
> + return -EINVAL;
> }
>
> if (unaligned || (q->dma_pad_mask & len) || map_data)
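
Review bot: the added !iov[i].iov_len test sits after the alignment block that ends in "break;", so the entry that triggers the break leaves the loop without its length ever being tested, and no entry after it is tested either. Moving the two added lines to the top of the loop body, ahead of the alignment test, would at least cover the entry that sets unaligned before the "if (unaligned || ...)" decision below; the second patch listed in this pull request is titled as doing the check "earlier", which reads as that reordering. Entries after the break stay unvisited by this loop either way, so it is worth confirming that the path taken when unaligned is set validates lengths on its own.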


--
kernel-team mailing list
kernel-team@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/kernel-team
 
02-22-2011, 03:29 PM
Brad Figg

Karmic CVE-2010-4163: block: check for proper length of iov entries earlier in blk_rq_map_user_iov()

On 02/18/2011 01:02 PM, Tim Gardner wrote:

The following changes since commit 41866a96c222c7d5d3da3abffb166ff3b80e1f3b:
Steve Conklin (1):
UBUNTU: Ubuntu-2.6.31-22.73

are available in the git repository at:

git://kernel.ubuntu.com/rtg/ubuntu-karmic.git CVE-2010-4163

Jens Axboe (1):
block: check for proper length of iov entries in blk_rq_map_user_iov(), CVE-2010-4163

Xiaotian Feng (1):
block: check for proper length of iov entries earlier in blk_rq_map_user_iov(), CVE-2010-4163

block/blk-map.c | 3 +++
1 files changed, 3 insertions(+), 0 deletions(-)

From 341514d149fbeca645542fb13b2b2bb10ef5274e Mon Sep 17 00:00:00 2001
From: Jens Axboe <jaxboe@fusionio.com>
Date: Fri, 29 Oct 2010 08:10:18 -0600
Subject: [PATCH 1/2] block: check for proper length of iov entries in blk_rq_map_user_iov(), CVE-2010-4163

BugLink: http://bugs.launchpad.net/bugs/721504

CVE-2010-4163

Ensure that we pass down properly validated iov segments before
calling into the mapping or copy functions.

Reported-by: Dan Rosenberg <drosenberg@vsecurity.com>
Cc: stable@kernel.org
Signed-off-by: Jens Axboe <jaxboe@fusionio.com>
(cherry picked from commit 9284bcf4e335e5f18a8bc7b26461c33ab60d0689)

Signed-off-by: Tim Gardner <tim.gardner@canonical.com>
---
block/blk-map.c | 2 ++
1 files changed, 2 insertions(+), 0 deletions(-)

diff --git a/block/blk-map.c b/block/blk-map.c
index 9083cf0..30a7e51 100644
--- a/block/blk-map.c
+++ b/block/blk-map.c
@@ -205,6 +205,8 @@ int blk_rq_map_user_iov(struct request_queue *q, struct request *rq,
unaligned = 1;
break;
}
+ if (!iov[i].iov_len)
+ return -EINVAL;
}

if (unaligned || (q->dma_pad_mask& len) || map_data)
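
Review bot: the "return -EINVAL" added inside the loop carries no comment, and the commit message says only that segments are "properly validated", so nothing records that the rejected case is a segment whose iov_len is zero or why the mapping and copy functions must not be handed one. A one-line comment above the check, or a sentence in the message naming the condition, would make the intent clear to anyone backporting or reordering this check later.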


Acked-by: Brad Figg <brad.figg@canonical.com>

--
Brad Figg brad.figg@canonical.com http://www.canonical.com

 
02-22-2011, 04:47 PM
Tim Gardner

Karmic CVE-2010-4163: block: check for proper length of iov entries earlier in blk_rq_map_user_iov()

applied
--
Tim Gardner tim.gardner@canonical.com

 
