debian-packaging
/
linux
8
0
Fork 0
Code Releases Activity

nuke amd64-insert_vm_struct-leak.patch, it was already added in 2.6.12.4. 

svn path=/dists/sid/linux-2.6/; revision=4128
This commit is contained in:
Andres Salomon 2005-09-06 06:38:39 +00:00
parent 2e1747ab4b
commit 1046a20511
3 changed files with 1 additions and 46 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
debian/changelog vendored
View File

@ -24,8 +24,6 @@ linux-2.6 (2.6.12-6) UNRELEASED; urgency=low
- [SECURITY] fix a memory leak in devices seq_file implementation;
local DoS.
- [SECURITY] Fix SKB leak in ip6_input_finish(); local DoS.
* [SECURITY: CAN-2005-2617] amd64-insert_vm_struct-leak.patch
TASK_SIZE fixes for compatibility mode processes.
-- Simon Horman <horms@debian.org> Thu, 1 Sep 2005 17:02:35 +0900
@ -144,7 +142,7 @@ linux-2.6 (2.6.12-2) unstable; urgency=low
- Fix potential memory corruption in NAT code (aka memory NAT)
- Fix deadlock in ip6_queue
- Fix signedness issues in net/core/filter.c
- x86_64 memleak from malicious 32bit elf program
- x86_64 memleak from malicious 32bit elf program (CAN-2005-2617)
- rocket.c: Fix ldisc ref count handling
- kbuild: build TAGS problem with O=

42
debian/patches-debian/amd64-insert_vm_struct-leak.patch vendored
View File

@ -1,42 +0,0 @@
From: Siddha, Suresh B <suresh.b.siddha@intel.com>
Date: Sat, 16 Jul 2005 02:17:44 +0000 (-0700)
Subject: [PATCH] x86_64: TASK_SIZE fixes for compatibility mode processes
X-Git-Tag: v2.6.13-rc4
X-Git-Url: http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=9fb1759a3102c26cd8f64254a7c3e532782c2bb8
[PATCH] x86_64: TASK_SIZE fixes for compatibility mode processes
A malicious 32bit app can have an elf section at 0xffffe000. During
exec of this app, we will have a memory leak as insert_vm_struct() is
not checking for return value in syscall32_setup_pages() and thus not
freeing the vma allocated for the vsyscall page.
Check the return value and free the vma incase of failure.
Signed-off-by: Suresh Siddha <suresh.b.siddha@intel.com>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
---
--- a/arch/x86_64/ia32/syscall32.c
+++ b/arch/x86_64/ia32/syscall32.c
@@ -57,6 +57,7 @@ int syscall32_setup_pages(struct linux_b
int npages = (VSYSCALL32_END - VSYSCALL32_BASE) >> PAGE_SHIFT;
struct vm_area_struct *vma;
struct mm_struct *mm = current->mm;
+ int ret;
vma = kmem_cache_alloc(vm_area_cachep, SLAB_KERNEL);
if (!vma)
@@ -78,7 +79,11 @@ int syscall32_setup_pages(struct linux_b
vma->vm_mm = mm;
down_write(&mm->mmap_sem);
- insert_vm_struct(mm, vma);
+ if ((ret = insert_vm_struct(mm, vma))) {
+ up_write(&mm->mmap_sem);
+ kmem_cache_free(vm_area_cachep, vma);
+ return ret;
+ }
mm->total_vm += npages;
up_write(&mm->mmap_sem);
return 0;

1
debian/patches-debian/series/2.6.12-6 vendored
View File

@ -1,2 +1 @@
+ 2.6.12.6.patch
+ amd64-insert_vm_struct-leak.patch