diff options
author | Paul Gortmaker <paul.gortmaker@windriver.com> | 2011-10-18 09:42:08 -0400 |
---|---|---|
committer | Paul Gortmaker <paul.gortmaker@windriver.com> | 2011-10-18 09:42:08 -0400 |
commit | 856aada97f454fc1d99648051885ac7f7ceecf83 (patch) | |
tree | 33617d7a2d29513f6fc0f80fc6943ab466f42b29 | |
parent | 96d5c2734bf17d5665efd0c0c777ea826dab4b68 (diff) | |
download | longterm-queue-2.6.34-856aada97f454fc1d99648051885ac7f7ceecf83.tar.gz |
add befs CVE-2011-2928 patch
Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
-rw-r--r-- | queue/befs-Validate-length-of-long-symbolic-links.patch | 50 | ||||
-rw-r--r-- | queue/series | 1 |
2 files changed, 51 insertions, 0 deletions
diff --git a/queue/befs-Validate-length-of-long-symbolic-links.patch b/queue/befs-Validate-length-of-long-symbolic-links.patch new file mode 100644 index 0000000..0bcaeba --- /dev/null +++ b/queue/befs-Validate-length-of-long-symbolic-links.patch @@ -0,0 +1,50 @@ +From 9e8cc7f0f72e3b41734ae4a91350282996f1008d Mon Sep 17 00:00:00 2001 +From: Timo Warns <Warns@pre-sense.de> +Date: Wed, 17 Aug 2011 17:59:56 +0200 +Subject: [PATCH] befs: Validate length of long symbolic links. + +commit 338d0f0a6fbc82407864606f5b64b75aeb3c70f2 upstream. + +Signed-off-by: Timo Warns <warns@pre-sense.de> +Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> +Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com> + +diff --git a/fs/befs/linuxvfs.c b/fs/befs/linuxvfs.c +index 34ddda8..9158c07 100644 +--- a/fs/befs/linuxvfs.c ++++ b/fs/befs/linuxvfs.c +@@ -469,17 +469,22 @@ befs_follow_link(struct dentry *dentry, struct nameidata *nd) + befs_data_stream *data = &befs_ino->i_data.ds; + befs_off_t len = data->size; + +- befs_debug(sb, "Follow long symlink"); +- +- link = kmalloc(len, GFP_NOFS); +- if (!link) { +- link = ERR_PTR(-ENOMEM); +- } else if (befs_read_lsymlink(sb, data, link, len) != len) { +- kfree(link); +- befs_error(sb, "Failed to read entire long symlink"); ++ if (len == 0) { ++ befs_error(sb, "Long symlink with illegal length"); + link = ERR_PTR(-EIO); + } else { +- link[len - 1] = '\0'; ++ befs_debug(sb, "Follow long symlink"); ++ ++ link = kmalloc(len, GFP_NOFS); ++ if (!link) { ++ link = ERR_PTR(-ENOMEM); ++ } else if (befs_read_lsymlink(sb, data, link, len) != len) { ++ kfree(link); ++ befs_error(sb, "Failed to read entire long symlink"); ++ link = ERR_PTR(-EIO); ++ } else { ++ link[len - 1] = '\0'; ++ } + } + } else { + link = befs_ino->i_data.symlink; +-- +1.7.7 + diff --git a/queue/series b/queue/series index 98f4a72..4947244 100644 --- a/queue/series +++ b/queue/series @@ -208,3 +208,4 @@ taskstats-don-t-allow-duplicate-entries-in-listener-.patch # others fs-partitions-efi.c-corrupted-GUID-partition-tables-.patch Bluetooth-Prevent-buffer-overflow-in-l2cap-config-re.patch +befs-Validate-length-of-long-symbolic-links.patch |