Bug 458762 - kernel: dlm: dlm/user.c input validation fixes [rhel-4.8]
kernel: dlm: dlm/user.c input validation fixes [rhel-4.8]
Product: Red Hat Cluster Suite
Classification: Red Hat
Component: dlm-kernel (Show other bugs)
All Linux
urgent Severity urgent
: rc
: ---
Assigned To: David Teigland
Cluster QE
: ZStream
Depends On: 458758
Blocks: 460369
  Show dependency treegraph
Reported: 2008-08-12 00:33 EDT by Eugene Teo (Security Response)
Modified: 2009-05-18 17:17 EDT (History)
9 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2009-05-18 17:17:12 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Eugene Teo (Security Response) 2008-08-12 00:33:59 EDT
+++ This bug was initially created as a clone of Bug #458758 +++

Description of problem:
a) in device_write(): add sentinel NUL byte, making sure that lspace.name will be NUL-terminated
b) in compat_input() be keep it simple about the amounts of data we are copying.

--- Additional comment from eteo@redhat.com on 2008-08-12 00:19:34 EDT ---

Proposed upstream patch:

--- Additional comment from eteo@redhat.com on 2008-08-12 00:20:32 EDT ---

Created an attachment (id=314043)
Upstream patch for this issue
Comment 2 Kiersten (Kerri) Anderson 2008-08-12 10:43:07 EDT
DLM is not part of the core kernel in rhel 4 and is provided as part of the
cluster products so changing product name and flags to be appropriate.
Comment 3 Eugene Teo (Security Response) 2008-08-12 11:07:56 EDT
The code in rhel-4's version of dlm is quite different from rhel-5. I am not sure if the changes in device_write (dlm_write in this version) needs the change. Please verify. Thanks.
Comment 4 David Teigland 2008-08-19 13:28:31 EDT
commit in RHEL4 branch a479ddb2fa97033ce44ce11ae28925c55b176a55
commit in RHEL47 branch d8417ee4673aa8c07f9d314704000e248081416b
Comment 9 errata-xmlrpc 2009-05-18 17:17:12 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.


Note You need to log in before you can comment on or make changes to this bug.