Bug 458762 - kernel: dlm: dlm/user.c input validation fixes [rhel-4.8]
kernel: dlm: dlm/user.c input validation fixes [rhel-4.8]
Status: CLOSED ERRATA
Product: Red Hat Cluster Suite
Classification: Red Hat
Component: dlm-kernel (Show other bugs)
4
All Linux
urgent Severity urgent
: rc
: ---
Assigned To: David Teigland
Cluster QE
: ZStream
Depends On: 458758
Blocks: 460369
  Show dependency treegraph
 
Reported: 2008-08-12 00:33 EDT by Eugene Teo (Security Response)
Modified: 2009-05-18 17:17 EDT (History)
9 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-05-18 17:17:12 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Eugene Teo (Security Response) 2008-08-12 00:33:59 EDT
+++ This bug was initially created as a clone of Bug #458758 +++

Description of problem:
a) in device_write(): add sentinel NUL byte, making sure that lspace.name will be NUL-terminated
b) in compat_input() be keep it simple about the amounts of data we are copying.

--- Additional comment from eteo@redhat.com on 2008-08-12 00:19:34 EDT ---

Proposed upstream patch:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=cb79f1998d89821a4dbac47f59a46ee3fbbf3c61

--- Additional comment from eteo@redhat.com on 2008-08-12 00:20:32 EDT ---

Created an attachment (id=314043)
Upstream patch for this issue
Comment 2 Kiersten (Kerri) Anderson 2008-08-12 10:43:07 EDT
DLM is not part of the core kernel in rhel 4 and is provided as part of the
cluster products so changing product name and flags to be appropriate.
Comment 3 Eugene Teo (Security Response) 2008-08-12 11:07:56 EDT
The code in rhel-4's version of dlm is quite different from rhel-5. I am not sure if the changes in device_write (dlm_write in this version) needs the change. Please verify. Thanks.
Comment 4 David Teigland 2008-08-19 13:28:31 EDT
commit in RHEL4 branch a479ddb2fa97033ce44ce11ae28925c55b176a55
commit in RHEL47 branch d8417ee4673aa8c07f9d314704000e248081416b
Comment 9 errata-xmlrpc 2009-05-18 17:17:12 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2009-1051.html

Note You need to log in before you can comment on or make changes to this bug.