Diffstat (limited to 'patches')
-rw-r--r-- | patches/cve/4.9.x.scc | 3 | ||||
-rw-r--r-- | patches/cve/CVE-2018-12233-jfs-Fix-inconsistency-between-memory-allocation-and-.patch | 48 |
2 files changed, 51 insertions, 0 deletions
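--- a/patches/cve/4.9.x.scc
+++ b/patches/cve/4.9.x.scc
@@ -1,2 +1,5 @@
 #CVEs fixed in 4.9.117:
 patch CVE-2018-14734-infiniband-fix-a-possible-use-after-free-bug.patch
+
+#CVEs fixed in 4.9.119:
+patch CVE-2018-12233-jfs-Fix-inconsistency-between-memory-allocation-and-.patch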
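--- /dev/null
+++ b/patches/cve/CVE-2018-12233-jfs-Fix-inconsistency-between-memory-allocation-and-.patch
@@ -0,0 +1,48 @@
+From 92d34134193e5b129dc24f8d79cb9196626e8d7a Mon Sep 17 00:00:00 2001
+From: Shankara Pailoor <shankarapailoor@gmail.com>
+Date: Tue, 5 Jun 2018 08:33:27 -0500
+Subject: [PATCH] jfs: Fix inconsistency between memory allocation and
+ea_buf->max_size
+
+The code is assuming the buffer is max_size length, but we weren't
+allocating enough space for it.
+
+CVE: CVE-2018-12233
+Upstream-Status: Backport
+
+Signed-off-by: Shankara Pailoor <shankarapailoor@gmail.com>
+Signed-off-by: Dave Kleikamp <dave.kleikamp@oracle.com>
+Signed-off-by: Andreas Wellving <andreas.wellving@enea.com>
+---
+fs/jfs/xattr.c | 10 ++++++----
+1 file changed, 6 insertions(+), 4 deletions(-)
+
+diff --git a/fs/jfs/xattr.c b/fs/jfs/xattr.c
+index c60f3d3..a679798 100644
+--- a/fs/jfs/xattr.c
++++ b/fs/jfs/xattr.c
+@@ -491,15 +491,17 @@ static int ea_get(struct inode *inode, struct ea_buffer *ea_buf, int min_size)
+if (size > PSIZE) {
+/*
+* To keep the rest of the code simple. Allocate a
+- * contiguous buffer to work with
++ * contiguous buffer to work with. Make the buffer large
++ * enough to make use of the whole extent.
+*/
+- ea_buf->xattr = kmalloc(size, GFP_KERNEL);
++ ea_buf->max_size = (size + sb->s_blocksize - 1) &
++ ~(sb->s_blocksize - 1);
++
++ ea_buf->xattr = kmalloc(ea_buf->max_size, GFP_KERNEL);
+if (ea_buf->xattr == NULL)
+return -ENOMEM;
+
+ea_buf->flag = EA_MALLOC;
+- ea_buf->max_size = (size + sb->s_blocksize - 1) &
+- ~(sb->s_blocksize - 1);
+
+if (ea_size == 0)
+return 0;
+--
+2.7.4
+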
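Review bot: `Upstream-Status: Backport` in the patch header does not name the upstream or stable commit this was taken from; the `From 92d34134193e…` line carries a hash but not the tree it belongs to, so the backport cannot be compared with its origin from this file alone. I would write it as `Upstream-Status: Backport [<tree URL and commit id of the source commit>]`. On the code itself, `ea_buf->max_size` is now assigned before the `kmalloc()` NULL check, so the `-ENOMEM` return leaves a non-zero `max_size` next to a NULL `xattr`. That is harmless only if every caller discards `ea_buf` on error, which cannot be confirmed here because `ea_get` starts and ends outside the hunk.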