Bug 458758 - kernel: dlm: dlm/user.c input validation fixes [mrg-1]
Summary: kernel: dlm: dlm/user.c input validation fixes [mrg-1]
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise MRG
Classification: Red Hat
Component: realtime-kernel
Version: 1.0
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: 1.0.3
Assignee: Red Hat Real Time Maintenance
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 458759 458760 458761 458762
Reported: 2008-08-12 04:17 UTC by Eugene Teo (Security Response)
Modified: 2008-10-07 19:20 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2008-10-07 19:20:58 UTC
Target Upstream Version:
Embargoed:


Attachments
Upstream patch for this issue (2.83 KB, patch)
2008-08-12 04:20 UTC, Eugene Teo (Security Response)
Patch modified by Eugene Teo, including the missing bits for -77 (3.03 KB, patch)
2008-08-13 19:11 UTC, Luis Claudio R. Goncalves


Links
System ID | Private | Priority | Status | Summary | Last Updated
Red Hat Product Errata RHSA-2008:0857 | 0 | normal | SHIPPED_LIVE | Important: kernel security and bug fix update | 2008-10-07 19:18:59 UTC

Description Eugene Teo (Security Response) 2008-08-12 04:17:23 UTC
Description of problem:
a) in device_write(): add sentinel NUL byte, making sure that lspace.name will be NUL-terminated
b) in compat_input(), keep it simple about the amounts of data we are copying.
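
The sentinel-NUL pattern from item (a), shown as an added user-space example that is not the kernel patch or code from this bug. The `demo_request` layout, `DEMO_MAX_NAME` and the function names are hypothetical, and `calloc` stands in for the kernel allocator.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical, simplified request layout: fixed header followed by a
 * variable-length name supplied by the caller (not the real DLM structs). */
struct demo_request {
    uint32_t cmd;
    uint32_t flags;
    char name[];            /* caller may or may not NUL-terminate this */
};

#define DEMO_MAX_NAME 64    /* assumed upper bound on the name field */

/* Copy an untrusted request of `count` bytes. Returns a heap copy whose
 * name is guaranteed NUL-terminated, or NULL if the size is implausible. */
struct demo_request *demo_copy_request(const void *ubuf, size_t count)
{
    size_t hdr = offsetof(struct demo_request, name);

    /* Reject writes that cannot hold the header or exceed the maximum. */
    if (count < hdr || count > hdr + DEMO_MAX_NAME)
        return NULL;

    /* One extra zeroed byte: the sentinel NUL that follows the name even
     * when the caller filled every byte of it with non-NUL data. */
    struct demo_request *req = calloc(1, count + 1);
    if (!req)
        return NULL;

    /* Copy exactly `count` bytes; the length is never taken from a field
     * inside the untrusted buffer. */
    memcpy(req, ubuf, count);
    return req;
}

/* Name length as later string handling sees it; bounded by the sentinel. */
size_t demo_name_len(const struct demo_request *req)
{
    return strlen(req->name);
}
```

Without the extra byte, a request whose name fills the buffer with non-NUL data would make `strlen()` read past the end of the allocation.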

Comment 2 Eugene Teo (Security Response) 2008-08-12 04:20:32 UTC
Created attachment 314043 [details]
Upstream patch for this issue

Comment 3 Luis Claudio R. Goncalves 2008-08-12 19:47:26 UTC
Eugene, the last two hunks can be applied to the code we have in 2.6.24.7-76. But the first three hunks are related to a code that is slightly different. I have no problems in backporting a bit more of code, but I would like to know if it is necessary.

Comment 4 Eugene Teo (Security Response) 2008-08-13 00:25:36 UTC
(In reply to comment #3)
> Eugene, the last two hunks can be applied to the code we have in 2.6.24.7-76.
> But the first three hunks are related to a code that is slightly different. I
> have no problems in backporting a bit more of code, but I would like to know if
> it is necessary.

It is slightly different because of 2a79289e87f3b6487b5fd23c8569f32097057fb4. cb79f1998d89821a4dbac47f59a46ee3fbbf3c61 went in later to fix compat_input().

Comment 5 Luis Claudio R. Goncalves 2008-08-13 19:11:33 UTC
Created attachment 314237 [details]
Patch modified by Eugene Teo, including the missing bits for -77

This is a slightly modified version of the patch described below.

It is slightly different because of 2a79289e87f3b6487b5fd23c8569f32097057fb4.
cb79f1998d89821a4dbac47f59a46ee3fbbf3c61 went in later to fix compat_input().

Eugene Teo backported the patch and a few needed bits in order to apply this
patch to 2.6.24.7-77.


-- Queued to -77

Comment 7 David Sommerseth 2008-09-23 16:21:04 UTC
Verified that the patch in attachment https://bugzilla.redhat.com/attachment.cgi?id=314237 is implemented into the mrg-rt-2.6.24.7-81 kernel.  (mrt-rt.git commit 28f423a1d6b4a09fedd8aa0a27fa873200f93281)

Comment 9 errata-xmlrpc 2008-10-07 19:20:58 UTC
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2008-0857.html

