author | Sona Sarmadi <sona.sarmadi@enea.com> | 2016-06-16 09:47:10 +0200 |
---|---|---|
committer | Tudor Florea <tudor.florea@enea.com> | 2016-06-16 15:48:32 +0200 |
commit | 5a09d19a9799291e6a125aacb0cd6451b37660f9 (patch) | |
tree | 0b5e38526dd7e9ce7501a2f3398ac7c29da3637b | |
parent | 1586e3d34a97f041a1ec81f398201bab9a86efe7 (diff) | |
download | meta-enea-5a09d19a9799291e6a125aacb0cd6451b37660f9.tar.gz |
kernel-cifs: CVE-2013-4247
Fix off-by-one bug in build_unc_path_to_root
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4247
Reference to upstream fix:
https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/
commit/?id=1fc29bacedeabb278080e31bb9c1ecb49f143c3b
Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Tudor Florea <tudor.florea@enea.com>
-rw-r--r-- | recipes-kernel/linux/files/fs-CVE-2013-4247.patch | 48 | ||||
-rw-r--r-- | recipes-kernel/linux/linux-qoriq-sdk.bbappend | 1 |
2 files changed, 49 insertions, 0 deletions
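diff --git a/recipes-kernel/linux/files/fs-CVE-2013-4247.patch b/recipes-kernel/linux/files/fs-CVE-2013-4247.patch
new file mode 100644
index 0000000..bee75b9
--- /dev/null
+++ b/recipes-kernel/linux/files/fs-CVE-2013-4247.patch
@@ -0,0 +1,48 @@
+From 1fc29bacedeabb278080e31bb9c1ecb49f143c3b Mon Sep 17 00:00:00 2001
+From: Jeff Layton <jlayton@redhat.com>
+Date: Fri, 31 May 2013 10:00:18 -0400
+Subject: cifs: fix off-by-one bug in build_unc_path_to_root
+
+commit 839db3d10a (cifs: fix up handling of prefixpath= option) changed
+the code such that the vol->prepath no longer contained a leading
+delimiter and then fixed up the places that accessed that field to
+account for that change.
+
+One spot in build_unc_path_to_root was missed however. When doing the
+pointer addition on pos, that patch failed to account for the fact that
+we had already incremented "pos" by one when adding the length of the
+prepath. This caused a buffer overrun by one byte.
+
+This patch fixes the problem by correcting the handling of "pos".
+
+CVE: CVE-2013-4247
+Upstream-Status: Backport
+
+Cc: <stable@vger.kernel.org> # v3.8+
+Reported-by: Marcus Moeller <marcus.moeller@gmx.ch>
+Reported-by: Ken Fallon <ken.fallon@gmail.com>
+Signed-off-by: Jeff Layton <jlayton@redhat.com>
+Signed-off-by: Steve French <sfrench@us.ibm.com>
+Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
+---
+fs/cifs/connect.c | 4 ++--
+1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c
+index 5b97e56..e3bc39b 100644
+--- a/fs/cifs/connect.c
++++ b/fs/cifs/connect.c
+@@ -3279,8 +3279,8 @@ build_unc_path_to_root(const struct smb_vol *vol,
+pos = full_path + unc_len;
+
+if (pplen) {
+- *pos++ = CIFS_DIR_SEP(cifs_sb);
+- strncpy(pos, vol->prepath, pplen);
++ *pos = CIFS_DIR_SEP(cifs_sb);
++ strncpy(pos + 1, vol->prepath, pplen);
+pos += pplen;
+}
+
+--
+cgit v0.12
+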
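Review bot: In the backported hunk for build_unc_path_to_root (patch lines 41-43), writing the separator at `pos` and then advancing by `pplen` is only in bounds if `pplen` already counts that separator byte, and the hunk never states this; the commit message implies it, but the assignment of `pplen` and the sizing of `full_path` lie outside the hunk. A short comment above the store, e.g. `/* pplen includes the separator byte, so pos is advanced once, by pplen */`, would keep a later edit from reintroducing the `pos++`. The `Cc:` trailer scopes the upstream fix to v3.8+, so it is worth confirming that the kernel built by linux-qoriq-sdk contains commit 839db3d10a before carrying this patch.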
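diff --git a/recipes-kernel/linux/linux-qoriq-sdk.bbappend b/recipes-kernel/linux/linux-qoriq-sdk.bbappend
index 8007b41..6a5bfaa 100644
--- a/recipes-kernel/linux/linux-qoriq-sdk.bbappend
+++ b/recipes-kernel/linux/linux-qoriq-sdk.bbappend
@@ -17,6 +17,7 @@ SRC_URI += "file://add-no-error-uninitialized.patch \
 file://HID_CVE_patches/0013-HID-picolcd_core-validate-output-report-details.patch \
 file://HID_CVE_patches/0014-HID-check-for-NULL-field-when-setting-values.patch \
 file://powerpc-fsl-booke64-Set-vmemmap_psize-to-4K.patch \
+file://fs-CVE-2013-4247.patch \
 file://Fix-CVE-2014-3153.patch \
 file://CVE-2014-0196_n_tty_write_crash.patch \
 file://Fix-CVE-2014-5471_CVE-2014-5472.patch \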