FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Ubuntu > Ubuntu Kernel Team

 
 
LinkBack Thread Tools
 
Old 04-20-2011, 09:48 PM
Leann Ogasawara
 
Default xfs: prevent leaking uninitialized stack memory in FSGEOMETRY_V1, CVE-2011-0711

The following changes since commit 62419a42fd4f8a418e90ca0d474eae77c138152e:
Tim Gardner (1):
UBUNTU: [Config] remove generated files

are available in the git repository at:

git://kernel.ubuntu.com/ogasawara/ubuntu-hardy.git CVE-2011-0711

Dan Rosenberg (1):
xfs: prevent leaking uninitialized stack memory in FSGEOMETRY_V1, CVE-2011-0711

fs/xfs/xfs_fsops.c | 3 +++
1 files changed, 3 insertions(+), 0 deletions(-)
 
Old 04-20-2011, 09:48 PM
Leann Ogasawara
 
Default xfs: prevent leaking uninitialized stack memory in FSGEOMETRY_V1, CVE-2011-0711

The following changes since commit c34e0e04a2ea4b8c3af37e1f621c8ab61642200c:
Dan Rosenberg (1):
CAN: Use inode instead of kernel address for /proc file, CVE-2010-4565

are available in the git repository at:

git://kernel.ubuntu.com/ogasawara/ubuntu-maverick.git CVE-2011-0711

Dan Rosenberg (1):
xfs: prevent leaking uninitialized stack memory in FSGEOMETRY_V1, CVE-2011-0711

fs/xfs/xfs_fsops.c | 3 +++
1 files changed, 3 insertions(+), 0 deletions(-)
 
Old 04-21-2011, 07:14 AM
Stefan Bader
 
Default xfs: prevent leaking uninitialized stack memory in FSGEOMETRY_V1, CVE-2011-0711

On 04/20/2011 11:48 PM, Leann Ogasawara wrote:
> The following changes since commit c34e0e04a2ea4b8c3af37e1f621c8ab61642200c:
> Dan Rosenberg (1):
> CAN: Use inode instead of kernel address for /proc file, CVE-2010-4565
>
> are available in the git repository at:
>
> git://kernel.ubuntu.com/ogasawara/ubuntu-maverick.git CVE-2011-0711
>
> Dan Rosenberg (1):
> xfs: prevent leaking uninitialized stack memory in FSGEOMETRY_V1, CVE-2011-0711
>
> fs/xfs/xfs_fsops.c | 3 +++
> 1 files changed, 3 insertions(+), 0 deletions(-)
>
> From 695e59df936c802f5e528b089ec209e7b987d8fb Mon Sep 17 00:00:00 2001
> From: Dan Rosenberg <drosenberg@vsecurity.com>
> Date: Mon, 14 Feb 2011 13:45:28 +0000
> Subject: [PATCH] xfs: prevent leaking uninitialized stack memory in FSGEOMETRY_V1, CVE-2011-0711
>
> BugLink: http://bugs.launchpad.net/bugs/767740
>
> CVE-2011-0711
>
> The FSGEOMETRY_V1 ioctl (and its compat equivalent) calls out to
> xfs_fs_geometry() with a version number of 3. This code path does not
> fill in the logsunit member of the passed xfs_fsop_geom_t, leading to
> the leaking of four bytes of uninitialized stack data to potentially
> unprivileged callers.
>
> v2 switches to memset() to avoid future issues if structure members
> change, on suggestion of Dave Chinner.
>
> Signed-off-by: Dan Rosenberg <drosenberg@vsecurity.com>
> Reviewed-by: Eugene Teo <eugeneteo@kernel.org>
> Signed-off-by: Alex Elder <aelder@sgi.com>
> (cherry picked from commit 3a3675b7f23f83ca8c67c9c2b6edf707fd28d1ba)
>
> Signed-off-by: Leann Ogasawara <leann.ogasawara@canonical.com>
> ---
> fs/xfs/xfs_fsops.c | 3 +++
> 1 files changed, 3 insertions(+), 0 deletions(-)
>
> diff --git a/fs/xfs/xfs_fsops.c b/fs/xfs/xfs_fsops.c
> index 37a6f62..4e7f02b 100644
> --- a/fs/xfs/xfs_fsops.c
> +++ b/fs/xfs/xfs_fsops.c
> @@ -57,6 +57,9 @@ xfs_fs_geometry(
> xfs_fsop_geom_t *geo,
> int new_version)
> {
> +
> + memset(geo, 0, sizeof(*geo));
> +
> geo->blocksize = mp->m_sb.sb_blocksize;
> geo->rtextsize = mp->m_sb.sb_rextsize;
> geo->agblocks = mp->m_sb.sb_agblocks;

Looks safe enough.

Acked-by: Stefan Bader <stefan.bade@canonical.com>

--
kernel-team mailing list
kernel-team@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/kernel-team
 
Old 04-21-2011, 07:15 AM
Stefan Bader
 
Default xfs: prevent leaking uninitialized stack memory in FSGEOMETRY_V1, CVE-2011-0711

On 04/20/2011 11:48 PM, Leann Ogasawara wrote:
> The following changes since commit 62419a42fd4f8a418e90ca0d474eae77c138152e:
> Tim Gardner (1):
> UBUNTU: [Config] remove generated files
>
> are available in the git repository at:
>
> git://kernel.ubuntu.com/ogasawara/ubuntu-hardy.git CVE-2011-0711
>
> Dan Rosenberg (1):
> xfs: prevent leaking uninitialized stack memory in FSGEOMETRY_V1, CVE-2011-0711
>
> fs/xfs/xfs_fsops.c | 3 +++
> 1 files changed, 3 insertions(+), 0 deletions(-)
>
> From 147f4ed49f1fe360bc61ebea34496bcca3dc4c85 Mon Sep 17 00:00:00 2001
> From: Dan Rosenberg <drosenberg@vsecurity.com>
> Date: Mon, 14 Feb 2011 13:45:28 +0000
> Subject: [PATCH] xfs: prevent leaking uninitialized stack memory in FSGEOMETRY_V1, CVE-2011-0711
>
> BugLink: http://bugs.launchpad.net/bugs/767740
>
> CVE-2011-0711
>
> The FSGEOMETRY_V1 ioctl (and its compat equivalent) calls out to
> xfs_fs_geometry() with a version number of 3. This code path does not
> fill in the logsunit member of the passed xfs_fsop_geom_t, leading to
> the leaking of four bytes of uninitialized stack data to potentially
> unprivileged callers.
>
> v2 switches to memset() to avoid future issues if structure members
> change, on suggestion of Dave Chinner.
>
> Signed-off-by: Dan Rosenberg <drosenberg@vsecurity.com>
> Reviewed-by: Eugene Teo <eugeneteo@kernel.org>
> Signed-off-by: Alex Elder <aelder@sgi.com>
> (cherry picked from commit 3a3675b7f23f83ca8c67c9c2b6edf707fd28d1ba)
>
> Signed-off-by: Leann Ogasawara <leann.ogasawara@canonical.com>
> ---
> fs/xfs/xfs_fsops.c | 3 +++
> 1 files changed, 3 insertions(+), 0 deletions(-)
>
> diff --git a/fs/xfs/xfs_fsops.c b/fs/xfs/xfs_fsops.c
> index c92d5b8..e6d08b0 100644
> --- a/fs/xfs/xfs_fsops.c
> +++ b/fs/xfs/xfs_fsops.c
> @@ -56,6 +56,9 @@ xfs_fs_geometry(
> xfs_fsop_geom_t *geo,
> int new_version)
> {
> +
> + memset(geo, 0, sizeof(*geo));
> +
> geo->blocksize = mp->m_sb.sb_blocksize;
> geo->rtextsize = mp->m_sb.sb_rextsize;
> geo->agblocks = mp->m_sb.sb_agblocks;

Acked-by: Stefan Bader <stefan.bader@canonical.com>

--
kernel-team mailing list
kernel-team@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/kernel-team
 
Old 04-21-2011, 12:35 PM
Tim Gardner
 
Default xfs: prevent leaking uninitialized stack memory in FSGEOMETRY_V1, CVE-2011-0711

On 04/20/2011 03:48 PM, Leann Ogasawara wrote:

The following changes since commit c34e0e04a2ea4b8c3af37e1f621c8ab61642200c:
Dan Rosenberg (1):
CAN: Use inode instead of kernel address for /proc file, CVE-2010-4565

are available in the git repository at:

git://kernel.ubuntu.com/ogasawara/ubuntu-maverick.git CVE-2011-0711

Dan Rosenberg (1):
xfs: prevent leaking uninitialized stack memory in FSGEOMETRY_V1, CVE-2011-0711

fs/xfs/xfs_fsops.c | 3 +++
1 files changed, 3 insertions(+), 0 deletions(-)

From 695e59df936c802f5e528b089ec209e7b987d8fb Mon Sep 17 00:00:00 2001
From: Dan Rosenberg<drosenberg@vsecurity.com>
Date: Mon, 14 Feb 2011 13:45:28 +0000
Subject: [PATCH] xfs: prevent leaking uninitialized stack memory in FSGEOMETRY_V1, CVE-2011-0711

BugLink: http://bugs.launchpad.net/bugs/767740

CVE-2011-0711

The FSGEOMETRY_V1 ioctl (and its compat equivalent) calls out to
xfs_fs_geometry() with a version number of 3. This code path does not
fill in the logsunit member of the passed xfs_fsop_geom_t, leading to
the leaking of four bytes of uninitialized stack data to potentially
unprivileged callers.

v2 switches to memset() to avoid future issues if structure members
change, on suggestion of Dave Chinner.

Signed-off-by: Dan Rosenberg<drosenberg@vsecurity.com>
Reviewed-by: Eugene Teo<eugeneteo@kernel.org>
Signed-off-by: Alex Elder<aelder@sgi.com>
(cherry picked from commit 3a3675b7f23f83ca8c67c9c2b6edf707fd28d1ba)

Signed-off-by: Leann Ogasawara<leann.ogasawara@canonical.com>
---
fs/xfs/xfs_fsops.c | 3 +++
1 files changed, 3 insertions(+), 0 deletions(-)

diff --git a/fs/xfs/xfs_fsops.c b/fs/xfs/xfs_fsops.c
index 37a6f62..4e7f02b 100644
--- a/fs/xfs/xfs_fsops.c
+++ b/fs/xfs/xfs_fsops.c
@@ -57,6 +57,9 @@ xfs_fs_geometry(
xfs_fsop_geom_t *geo,
int new_version)
{
+
+ memset(geo, 0, sizeof(*geo));
+
geo->blocksize = mp->m_sb.sb_blocksize;
geo->rtextsize = mp->m_sb.sb_rextsize;
geo->agblocks = mp->m_sb.sb_agblocks;


applied

--
Tim Gardner tim.gardner@canonical.com

--
kernel-team mailing list
kernel-team@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/kernel-team
 
Old 04-21-2011, 12:53 PM
Tim Gardner
 
Default xfs: prevent leaking uninitialized stack memory in FSGEOMETRY_V1, CVE-2011-0711

On 04/20/2011 03:48 PM, Leann Ogasawara wrote:

The following changes since commit 62419a42fd4f8a418e90ca0d474eae77c138152e:
Tim Gardner (1):
UBUNTU: [Config] remove generated files

are available in the git repository at:

git://kernel.ubuntu.com/ogasawara/ubuntu-hardy.git CVE-2011-0711

Dan Rosenberg (1):
xfs: prevent leaking uninitialized stack memory in FSGEOMETRY_V1, CVE-2011-0711

fs/xfs/xfs_fsops.c | 3 +++
1 files changed, 3 insertions(+), 0 deletions(-)

From 147f4ed49f1fe360bc61ebea34496bcca3dc4c85 Mon Sep 17 00:00:00 2001
From: Dan Rosenberg<drosenberg@vsecurity.com>
Date: Mon, 14 Feb 2011 13:45:28 +0000
Subject: [PATCH] xfs: prevent leaking uninitialized stack memory in FSGEOMETRY_V1, CVE-2011-0711

BugLink: http://bugs.launchpad.net/bugs/767740

CVE-2011-0711

The FSGEOMETRY_V1 ioctl (and its compat equivalent) calls out to
xfs_fs_geometry() with a version number of 3. This code path does not
fill in the logsunit member of the passed xfs_fsop_geom_t, leading to
the leaking of four bytes of uninitialized stack data to potentially
unprivileged callers.

v2 switches to memset() to avoid future issues if structure members
change, on suggestion of Dave Chinner.

Signed-off-by: Dan Rosenberg<drosenberg@vsecurity.com>
Reviewed-by: Eugene Teo<eugeneteo@kernel.org>
Signed-off-by: Alex Elder<aelder@sgi.com>
(cherry picked from commit 3a3675b7f23f83ca8c67c9c2b6edf707fd28d1ba)

Signed-off-by: Leann Ogasawara<leann.ogasawara@canonical.com>
---
fs/xfs/xfs_fsops.c | 3 +++
1 files changed, 3 insertions(+), 0 deletions(-)

diff --git a/fs/xfs/xfs_fsops.c b/fs/xfs/xfs_fsops.c
index c92d5b8..e6d08b0 100644
--- a/fs/xfs/xfs_fsops.c
+++ b/fs/xfs/xfs_fsops.c
@@ -56,6 +56,9 @@ xfs_fs_geometry(
xfs_fsop_geom_t *geo,
int new_version)
{
+
+ memset(geo, 0, sizeof(*geo));
+
geo->blocksize = mp->m_sb.sb_blocksize;
geo->rtextsize = mp->m_sb.sb_rextsize;
geo->agblocks = mp->m_sb.sb_agblocks;


applied

--
Tim Gardner tim.gardner@canonical.com

--
kernel-team mailing list
kernel-team@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/kernel-team
 

Thread Tools




All times are GMT. The time now is 12:50 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org