rpms/kernel/devel linux-2.6-ecryptfs-overflow-fixes.patch, NONE, 1.1 kernel.spec, 1.1665, 1.1666
Eric Sandeen
sandeen at fedoraproject.org
Tue Jul 28 19:35:14 UTC 2009
- Previous message (by thread): rpms/nss_ldap/F-10 nss_ldap-264-checkcase.patch, NONE, 1.1 nss_ldap-264-cloexec.patch, NONE, 1.1 nss_ldap-264-ent_internal.patch, NONE, 1.1 pam_ldap-183-releaseconfig.patch, NONE, 1.1 pam_ldap-184-nsrole.patch, NONE, 1.1 nss_ldap.spec, 1.104, 1.105
- Next message (by thread): comps/po it.po,1.32,1.33
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: sandeen
Update of /cvs/pkgs/rpms/kernel/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv25729
Modified Files:
kernel.spec
Added Files:
linux-2.6-ecryptfs-overflow-fixes.patch
Log Message:
* Tue Jul 28 2009 Eric Sandeen <sandeen at redhat.com> 2.6.31-0.102.rc4.git2
- Fix eCryptfs overflow issues (CVE-2009-2406, CVE-2009-2407)
linux-2.6-ecryptfs-overflow-fixes.patch:
keystore.c | 13 +++++++++++++
1 file changed, 13 insertions(+)
--- NEW FILE linux-2.6-ecryptfs-overflow-fixes.patch ---
[PATCH 1/2] eCryptfs: Check Tag 11 literal data buffer size
Tag 11 packets are stored in the metadata section of an eCryptfs file to
store the key signature(s) used to encrypt the file encryption key.
After extracting the packet length field to determine the key signature
length, a check is not performed to see if the length would exceed the
key signature buffer size that was passed into parse_tag_11_packet().
Thanks to Ramon de Carvalho Valle for finding this bug using fsfuzzer.
Signed-off-by: Tyler Hicks <tyhicks at linux.vnet.ibm.com>
[PATCH 2/2] eCryptfs: parse_tag_3_packet check tag 3 packet encrypted key size
The parse_tag_3_packet function does not check if the tag 3 packet contains a
encrypted key size larger than ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES.
Signed-off-by: Ramon de Carvalho Valle <ramon at risesecurity.org>
[tyhicks at linux.vnet.ibm.com: Added printk newline and changed goto to out_free]
Signed-off-by: Tyler Hicks <tyhicks at linux.vnet.ibm.com>
---
fs/ecryptfs/keystore.c | 13 +++++++++++++
1 file changed, 13 insertions(+)
Index: linux-2.6.30.noarch/fs/ecryptfs/keystore.c
===================================================================
--- linux-2.6.30.noarch.orig/fs/ecryptfs/keystore.c
+++ linux-2.6.30.noarch/fs/ecryptfs/keystore.c
@@ -1303,6 +1303,13 @@ parse_tag_3_packet(struct ecryptfs_crypt
}
(*new_auth_tok)->session_key.encrypted_key_size =
(body_size - (ECRYPTFS_SALT_SIZE + 5));
+ if ((*new_auth_tok)->session_key.encrypted_key_size
+ > ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES) {
+ printk(KERN_WARNING "Tag 3 packet contains key larger "
+ "than ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES\n");
+ rc = -EINVAL;
+ goto out_free;
+ }
if (unlikely(data[(*packet_size)++] != 0x04)) {
printk(KERN_WARNING "Unknown version number [%d]\n",
data[(*packet_size) - 1]);
@@ -1455,6 +1462,12 @@ parse_tag_11_packet(unsigned char *data,
rc = -EINVAL;
goto out;
}
+ if (unlikely((*tag_11_contents_size) > max_contents_bytes)) {
+ printk(KERN_ERR "Literal data section in tag 11 packet exceeds "
+ "expected size\n");
+ rc = -EINVAL;
+ goto out;
+ }
if (data[(*packet_size)++] != 0x62) {
printk(KERN_WARNING "Unrecognizable packet\n");
rc = -EINVAL;
Index: kernel.spec
===================================================================
RCS file: /cvs/pkgs/rpms/kernel/devel/kernel.spec,v
retrieving revision 1.1665
retrieving revision 1.1666
diff -u -p -r1.1665 -r1.1666
--- kernel.spec 28 Jul 2009 16:03:52 -0000 1.1665
+++ kernel.spec 28 Jul 2009 19:35:14 -0000 1.1666
@@ -607,6 +607,8 @@ Patch150: linux-2.6.29-sparc-IOC_TYPECHE
Patch160: linux-2.6-execshield.patch
+Patch200: linux-2.6-ecryptfs-overflow-fixes.patch
+
Patch250: linux-2.6-debug-sizeof-structs.patch
Patch260: linux-2.6-debug-nmi-timeout.patch
Patch270: linux-2.6-debug-taint-vm.patch
@@ -1151,6 +1153,9 @@ ApplyPatch linux-2.6-execshield.patch
# btrfs
+# eCryptfs
+ApplyPatch linux-2.6-ecryptfs-overflow-fixes.patch
+
# NFSv4
ApplyPatch linux-2.6-nfsd4-proots.patch
@@ -1898,8 +1903,8 @@ fi
# and build.
%changelog
-* Tue Jul 28 2009 Ben Skeggs <bskeggs at redhat.com>
-- drm-nouveau.patch: tile shared fb area on nv50
+* Tue Jul 28 2009 Eric Sandeen <sandeen at redhat.com> 2.6.31-0.102.rc4.git2
+- Fix eCryptfs overflow issues (CVE-2009-2406, CVE-2009-2407)
* Tue Jul 28 2009 Kyle McMartin <kyle at redhat.com> 2.6.31-0.101.rc4.git2
- 2.6.31-rc4-git2
- Previous message (by thread): rpms/nss_ldap/F-10 nss_ldap-264-checkcase.patch, NONE, 1.1 nss_ldap-264-cloexec.patch, NONE, 1.1 nss_ldap-264-ent_internal.patch, NONE, 1.1 pam_ldap-183-releaseconfig.patch, NONE, 1.1 pam_ldap-184-nsrole.patch, NONE, 1.1 nss_ldap.spec, 1.104, 1.105
- Next message (by thread): comps/po it.po,1.32,1.33
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-extras-commits
mailing list