Bug 458758 - kernel: dlm: dlm/user.c input validation fixes [mrg-1]
Status: CLOSED ERRATA
Product: Red Hat Enterprise MRG
Classification: Red Hat
Component: realtime-kernel
1.0
All Linux
medium Severity medium
: 1.0.3
Assigned To: Red Hat Real Time Maintenance
Blocks: 458759 458760 458761 458762
Reported: 2008-08-12 00:17 EDT by Eugene Teo (Security Response)
Modified: 2008-10-07 15:20 EDT (History)
Doc Type: Bug Fix
Last Closed: 2008-10-07 15:20:58 EDT


Attachments
Upstream patch for this issue (2.83 KB, patch)
2008-08-12 00:20 EDT, Eugene Teo (Security Response)
Patch modified by Eugene Teo, including the missing bits for -77 (3.03 KB, patch)
2008-08-13 15:11 EDT, Luis Claudio R. Goncalves

Description Eugene Teo (Security Response) 2008-08-12 00:17:23 EDT
Description of problem:
a) in device_write(): add sentinel NUL byte, making sure that lspace.name will be NUL-terminated
b) in compat_input(), keep it simple about the amounts of data we are copying.
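The sentinel-byte pattern named in item (a), shown as an added userspace illustration; it is not the attached patch and not kernel code. `struct req`, `copy_req`, `raw_name_terminated` and `MAX_REQ` are hypothetical names, and `calloc`/`memcpy` stand in for the kernel's allocation and copy from user space.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_REQ 256 /* hypothetical upper bound on request size */

/* Hypothetical request: fixed header followed by a caller-supplied name. */
struct req {
    unsigned int cmd;
    char name[]; /* the caller may not have NUL-terminated this */
};

/* Returns 1 if the name area of the raw request contains a NUL, else 0. */
int raw_name_terminated(const void *buf, size_t count)
{
    size_t off = offsetof(struct req, name);
    if (count <= off)
        return 0;
    return memchr((const char *)buf + off, 0, count - off) != NULL;
}

/* Copy `count` caller bytes into count + 1 zeroed bytes: the extra byte is
 * the sentinel NUL, so string functions on name always stop inside the
 * allocation. Returns NULL for sizes outside [sizeof(struct req), MAX_REQ]. */
struct req *copy_req(const void *buf, size_t count)
{
    struct req *r;
    if (count < sizeof(struct req) || count > MAX_REQ)
        return NULL;
    r = calloc(1, count + 1);
    if (r != NULL)
        memcpy(r, buf, count);
    return r;
}

int main(void)
{
    unsigned char raw[sizeof(struct req) + 8]; /* constructed input */
    struct req *r;
    memset(raw, 'A', sizeof raw); /* name fills the buffer, no NUL */
    r = copy_req(raw, sizeof raw);
    if (r == NULL)
        return 1;
    printf("raw terminated: %d, copied name length: %zu\n",
           raw_name_terminated(raw, sizeof raw), strlen(r->name));
    free(r);
    return 0;
}
```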
Comment 2 Eugene Teo (Security Response) 2008-08-12 00:20:32 EDT
Created attachment 314043
Upstream patch for this issue
Comment 3 Luis Claudio R. Goncalves 2008-08-12 15:47:26 EDT
Eugene, the last two hunks can be applied to the code we have in 2.6.24.7-76. But the first three hunks are related to a code that is slightly different. I have no problems in backporting a bit more of code, but I would like to know if it is necessary.
Comment 4 Eugene Teo (Security Response) 2008-08-12 20:25:36 EDT
(In reply to comment #3)
> Eugene, the last two hunks can be applied to the code we have in 2.6.24.7-76.
> But the first three hunks are related to a code that is slightly different. I
> have no problems in backporting a bit more of code, but I would like to know if
> it is necessary.

It is slightly different because of 2a79289e87f3b6487b5fd23c8569f32097057fb4. cb79f1998d89821a4dbac47f59a46ee3fbbf3c61 went in later to fix compat_input().
Comment 5 Luis Claudio R. Goncalves 2008-08-13 15:11:33 EDT
Created attachment 314237
Patch modified by Eugene Teo, including the missing bits for -77

This is a slightly modified version of the patch described below.

It is slightly different because of 2a79289e87f3b6487b5fd23c8569f32097057fb4.
cb79f1998d89821a4dbac47f59a46ee3fbbf3c61 went in later to fix compat_input().

Eugene Teo backported the patch and a few needed bits in order to apply this
patch to 2.6.24.7-77.


-- Queued to -77
Comment 7 David Sommerseth 2008-09-23 12:21:04 EDT
Verified that the patch in attachment https://bugzilla.redhat.com/attachment.cgi?id=314237 is implemented into the mrg-rt-2.6.24.7-81 kernel.  (mrt-rt.git commit 28f423a1d6b4a09fedd8aa0a27fa873200f93281)
Comment 9 errata-xmlrpc 2008-10-07 15:20:58 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2008-0857.html
