The following changes since commit 62419a42fd4f8a418e90ca0d474eae77c138152e:
Tim Gardner (1):
UBUNTU: [Config] remove generated files

are available in the git repository at:

git://kernel.ubuntu.com/ogasawara/ubuntu-hardy.git CVE-2011-0711

Dan Rosenberg (1):
xfs: prevent leaking uninitialized stack memory in FSGEOMETRY_V1, CVE-2011-0711

fs/xfs/xfs_fsops.c | 3 +++
1 files changed, 3 insertions(+), 0 deletions(-)

The following changes since commit c34e0e04a2ea4b8c3af37e1f621c8ab61642200c:
Dan Rosenberg (1):
CAN: Use inode instead of kernel address for /proc file, CVE-2010-4565

are available in the git repository at:

git://kernel.ubuntu.com/ogasawara/ubuntu-maverick.git CVE-2011-0711

Dan Rosenberg (1):
xfs: prevent leaking uninitialized stack memory in FSGEOMETRY_V1, CVE-2011-0711

fs/xfs/xfs_fsops.c | 3 +++
1 files changed, 3 insertions(+), 0 deletions(-)

On 04/20/2011 11:48 PM, Leann Ogasawara wrote:
> The following changes since commit c34e0e04a2ea4b8c3af37e1f621c8ab61642200c:
> Dan Rosenberg (1):
> CAN: Use inode instead of kernel address for /proc file, CVE-2010-4565
>
> are available in the git repository at:
>
> git://kernel.ubuntu.com/ogasawara/ubuntu-maverick.git CVE-2011-0711
>
> Dan Rosenberg (1):
> xfs: prevent leaking uninitialized stack memory in FSGEOMETRY_V1, CVE-2011-0711
>
> fs/xfs/xfs_fsops.c | 3 +++
> 1 files changed, 3 insertions(+), 0 deletions(-)
>
> From 695e59df936c802f5e528b089ec209e7b987d8fb Mon Sep 17 00:00:00 2001
> From: Dan Rosenberg <drosenberg@vsecurity.com>
> Date: Mon, 14 Feb 2011 13:45:28 +0000
> Subject: [PATCH] xfs: prevent leaking uninitialized stack memory in FSGEOMETRY_V1, CVE-2011-0711
>
> BugLink: http://bugs.launchpad.net/bugs/767740
>
> CVE-2011-0711
>
> The FSGEOMETRY_V1 ioctl (and its compat equivalent) calls out to
> xfs_fs_geometry() with a version number of 3. This code path does not
> fill in the logsunit member of the passed xfs_fsop_geom_t, leading to
> the leaking of four bytes of uninitialized stack data to potentially
> unprivileged callers.
>
> v2 switches to memset() to avoid future issues if structure members
> change, on suggestion of Dave Chinner.
>
> Signed-off-by: Dan Rosenberg <drosenberg@vsecurity.com>
> Reviewed-by: Eugene Teo <eugeneteo@kernel.org>
> Signed-off-by: Alex Elder <aelder@sgi.com>
> (cherry picked from commit 3a3675b7f23f83ca8c67c9c2b6edf707fd28d1ba)
>
> Signed-off-by: Leann Ogasawara <leann.ogasawara@canonical.com>
> ---
> fs/xfs/xfs_fsops.c | 3 +++
> 1 files changed, 3 insertions(+), 0 deletions(-)
>
> diff --git a/fs/xfs/xfs_fsops.c b/fs/xfs/xfs_fsops.c
> index 37a6f62..4e7f02b 100644
> --- a/fs/xfs/xfs_fsops.c
> +++ b/fs/xfs/xfs_fsops.c
> @@ -57,6 +57,9 @@ xfs_fs_geometry(
> xfs_fsop_geom_t *geo,
> int new_version)
> {
> +
> + memset(geo, 0, sizeof(*geo));
> +
> geo->blocksize = mp->m_sb.sb_blocksize;
> geo->rtextsize = mp->m_sb.sb_rextsize;
> geo->agblocks = mp->m_sb.sb_agblocks;

Looks safe enough.

Acked-by: Stefan Bader <stefan.bade@canonical.com>

--
kernel-team mailing list
kernel-team@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/kernel-team

On 04/20/2011 11:48 PM, Leann Ogasawara wrote:
> The following changes since commit 62419a42fd4f8a418e90ca0d474eae77c138152e:
> Tim Gardner (1):
> UBUNTU: [Config] remove generated files
>
> are available in the git repository at:
>
> git://kernel.ubuntu.com/ogasawara/ubuntu-hardy.git CVE-2011-0711
>
> Dan Rosenberg (1):
> xfs: prevent leaking uninitialized stack memory in FSGEOMETRY_V1, CVE-2011-0711
>
> fs/xfs/xfs_fsops.c | 3 +++
> 1 files changed, 3 insertions(+), 0 deletions(-)
>
> From 147f4ed49f1fe360bc61ebea34496bcca3dc4c85 Mon Sep 17 00:00:00 2001
> From: Dan Rosenberg <drosenberg@vsecurity.com>
> Date: Mon, 14 Feb 2011 13:45:28 +0000
> Subject: [PATCH] xfs: prevent leaking uninitialized stack memory in FSGEOMETRY_V1, CVE-2011-0711
>
> BugLink: http://bugs.launchpad.net/bugs/767740
>
> CVE-2011-0711
>
> The FSGEOMETRY_V1 ioctl (and its compat equivalent) calls out to
> xfs_fs_geometry() with a version number of 3. This code path does not
> fill in the logsunit member of the passed xfs_fsop_geom_t, leading to
> the leaking of four bytes of uninitialized stack data to potentially
> unprivileged callers.
>
> v2 switches to memset() to avoid future issues if structure members
> change, on suggestion of Dave Chinner.
>
> Signed-off-by: Dan Rosenberg <drosenberg@vsecurity.com>
> Reviewed-by: Eugene Teo <eugeneteo@kernel.org>
> Signed-off-by: Alex Elder <aelder@sgi.com>
> (cherry picked from commit 3a3675b7f23f83ca8c67c9c2b6edf707fd28d1ba)
>
> Signed-off-by: Leann Ogasawara <leann.ogasawara@canonical.com>
> ---
> fs/xfs/xfs_fsops.c | 3 +++
> 1 files changed, 3 insertions(+), 0 deletions(-)
>
> diff --git a/fs/xfs/xfs_fsops.c b/fs/xfs/xfs_fsops.c
> index c92d5b8..e6d08b0 100644
> --- a/fs/xfs/xfs_fsops.c
> +++ b/fs/xfs/xfs_fsops.c
> @@ -56,6 +56,9 @@ xfs_fs_geometry(
> xfs_fsop_geom_t *geo,
> int new_version)
> {
> +
> + memset(geo, 0, sizeof(*geo));
> +
> geo->blocksize = mp->m_sb.sb_blocksize;
> geo->rtextsize = mp->m_sb.sb_rextsize;
> geo->agblocks = mp->m_sb.sb_agblocks;

Acked-by: Stefan Bader <stefan.bader@canonical.com>

--
kernel-team mailing list
kernel-team@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/kernel-team

On 04/20/2011 03:48 PM, Leann Ogasawara wrote:

The following changes since commit c34e0e04a2ea4b8c3af37e1f621c8ab61642200c:
Dan Rosenberg (1):
CAN: Use inode instead of kernel address for /proc file, CVE-2010-4565

are available in the git repository at:

git://kernel.ubuntu.com/ogasawara/ubuntu-maverick.git CVE-2011-0711

Dan Rosenberg (1):
xfs: prevent leaking uninitialized stack memory in FSGEOMETRY_V1, CVE-2011-0711

fs/xfs/xfs_fsops.c | 3 +++
1 files changed, 3 insertions(+), 0 deletions(-)

From 695e59df936c802f5e528b089ec209e7b987d8fb Mon Sep 17 00:00:00 2001
From: Dan Rosenberg<drosenberg@vsecurity.com>
Date: Mon, 14 Feb 2011 13:45:28 +0000
Subject: [PATCH] xfs: prevent leaking uninitialized stack memory in FSGEOMETRY_V1, CVE-2011-0711

BugLink: http://bugs.launchpad.net/bugs/767740

CVE-2011-0711

The FSGEOMETRY_V1 ioctl (and its compat equivalent) calls out to
xfs_fs_geometry() with a version number of 3. This code path does not
fill in the logsunit member of the passed xfs_fsop_geom_t, leading to
the leaking of four bytes of uninitialized stack data to potentially
unprivileged callers.

v2 switches to memset() to avoid future issues if structure members
change, on suggestion of Dave Chinner.

Signed-off-by: Dan Rosenberg<drosenberg@vsecurity.com>
Reviewed-by: Eugene Teo<eugeneteo@kernel.org>
Signed-off-by: Alex Elder<aelder@sgi.com>
(cherry picked from commit 3a3675b7f23f83ca8c67c9c2b6edf707fd28d1ba)

Signed-off-by: Leann Ogasawara<leann.ogasawara@canonical.com>
---
fs/xfs/xfs_fsops.c | 3 +++
1 files changed, 3 insertions(+), 0 deletions(-)

diff --git a/fs/xfs/xfs_fsops.c b/fs/xfs/xfs_fsops.c
index 37a6f62..4e7f02b 100644
--- a/fs/xfs/xfs_fsops.c
+++ b/fs/xfs/xfs_fsops.c
@@ -57,6 +57,9 @@ xfs_fs_geometry(
xfs_fsop_geom_t *geo,
int new_version)
{
+
+ memset(geo, 0, sizeof(*geo));
+
geo->blocksize = mp->m_sb.sb_blocksize;
geo->rtextsize = mp->m_sb.sb_rextsize;
geo->agblocks = mp->m_sb.sb_agblocks;


applied

--
Tim Gardner tim.gardner@canonical.com

--
kernel-team mailing list
kernel-team@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/kernel-team

On 04/20/2011 03:48 PM, Leann Ogasawara wrote:

The following changes since commit 62419a42fd4f8a418e90ca0d474eae77c138152e:
Tim Gardner (1):
UBUNTU: [Config] remove generated files

are available in the git repository at:

git://kernel.ubuntu.com/ogasawara/ubuntu-hardy.git CVE-2011-0711

Dan Rosenberg (1):
xfs: prevent leaking uninitialized stack memory in FSGEOMETRY_V1, CVE-2011-0711

fs/xfs/xfs_fsops.c | 3 +++
1 files changed, 3 insertions(+), 0 deletions(-)

From 147f4ed49f1fe360bc61ebea34496bcca3dc4c85 Mon Sep 17 00:00:00 2001
From: Dan Rosenberg<drosenberg@vsecurity.com>
Date: Mon, 14 Feb 2011 13:45:28 +0000
Subject: [PATCH] xfs: prevent leaking uninitialized stack memory in FSGEOMETRY_V1, CVE-2011-0711

BugLink: http://bugs.launchpad.net/bugs/767740

CVE-2011-0711

The FSGEOMETRY_V1 ioctl (and its compat equivalent) calls out to
xfs_fs_geometry() with a version number of 3. This code path does not
fill in the logsunit member of the passed xfs_fsop_geom_t, leading to
the leaking of four bytes of uninitialized stack data to potentially
unprivileged callers.

v2 switches to memset() to avoid future issues if structure members
change, on suggestion of Dave Chinner.

Signed-off-by: Dan Rosenberg<drosenberg@vsecurity.com>
Reviewed-by: Eugene Teo<eugeneteo@kernel.org>
Signed-off-by: Alex Elder<aelder@sgi.com>
(cherry picked from commit 3a3675b7f23f83ca8c67c9c2b6edf707fd28d1ba)

Signed-off-by: Leann Ogasawara<leann.ogasawara@canonical.com>
---
fs/xfs/xfs_fsops.c | 3 +++
1 files changed, 3 insertions(+), 0 deletions(-)

diff --git a/fs/xfs/xfs_fsops.c b/fs/xfs/xfs_fsops.c
index c92d5b8..e6d08b0 100644
--- a/fs/xfs/xfs_fsops.c
+++ b/fs/xfs/xfs_fsops.c
@@ -56,6 +56,9 @@ xfs_fs_geometry(
xfs_fsop_geom_t *geo,
int new_version)
{
+
+ memset(geo, 0, sizeof(*geo));
+
geo->blocksize = mp->m_sb.sb_blocksize;
geo->rtextsize = mp->m_sb.sb_rextsize;
geo->agblocks = mp->m_sb.sb_agblocks;


applied

--
Tim Gardner tim.gardner@canonical.com

--
kernel-team mailing list
kernel-team@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/kernel-team