rpms/kernel/F-10 md-avoid-dereferencing-NULL-ptr-suspend-sysfs.patch, NONE, 1.1 kernel.spec, 1.1403, 1.1404

Kyle McMartin kyle at fedoraproject.org
Wed Aug 19 05:13:15 UTC 2009


Author: kyle

Update of /cvs/pkgs/rpms/kernel/F-10
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv8011

Modified Files:
	kernel.spec 
Added Files:
	md-avoid-dereferencing-NULL-ptr-suspend-sysfs.patch 
Log Message:
add patch to fix CVE-2009-2849

md-avoid-dereferencing-NULL-ptr-suspend-sysfs.patch:
 md.c |    7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

--- NEW FILE md-avoid-dereferencing-NULL-ptr-suspend-sysfs.patch ---
>From b7288e0c6f2ecdf49dcb14129217ca42c8949e68 Mon Sep 17 00:00:00 2001
From: NeilBrown <neilb at suse.de>
Date: Wed, 1 Jul 2009 11:14:04 +1000
Subject: md: avoid dereferencing NULL pointer when accessing suspend_* sysfs attributes.

commit b8d966efd9a46a9a35beac50cbff6e30565125ef upstream.

If we try to modify one of the md/ sysfs files
  suspend_lo or suspend_hi
when the array is not active, we dereference a NULL.
Protect against that.

Signed-off-by: NeilBrown <neilb at suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh at suse.de>

(cherry picked from commit 3c92900d9a4afb176d3de335dc0da0198660a244)
---
 drivers/md/md.c |    6 ++++--
 1 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/drivers/md/md.c b/drivers/md/md.c
index dc85211..e2d617f 100644
--- a/drivers/md/md.c
+++ b/drivers/md/md.c
@@ -3353,7 +3353,8 @@ suspend_lo_store(mddev_t *mddev, const char *buf, size_t len)
 	char *e;
 	unsigned long long new = simple_strtoull(buf, &e, 10);
 
-	if (mddev->pers->quiesce == NULL)
+	if (mddev->pers == NULL ||
+	    mddev->pers->quiesce == NULL)
 		return -EINVAL;
 	if (buf == e || (*e && *e != '\n'))
 		return -EINVAL;
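Review bot: The new "mddev->pers == NULL" test in suspend_lo_store returns the same -EINVAL as the missing-quiesce case and the malformed-input check right below it, so a writer to suspend_lo cannot tell "array not active" from "bad value". Consider whether the inactive case deserves its own error code. Either way, a one-line comment above the test saying that pers is NULL while the array is not active (as the commit message explains) would keep the guard from being simplified away later.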
@@ -3381,7 +3382,8 @@ suspend_hi_store(mddev_t *mddev, const char *buf, size_t len)
 	char *e;
 	unsigned long long new = simple_strtoull(buf, &e, 10);
 
-	if (mddev->pers->quiesce == NULL)
+	if (mddev->pers == NULL ||
+	    mddev->pers->quiesce == NULL)
 		return -EINVAL;
 	if (buf == e || (*e && *e != '\n'))
 		return -EINVAL;
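Review bot: The guard added to suspend_hi_store is a character-for-character copy of the one added to suspend_lo_store ("mddev->pers == NULL || mddev->pers->quiesce == NULL"). Moving it into a small static helper that both handlers call would keep the two from drifting apart. It would also be worth checking the other md/ sysfs store handlers in md.c for the same unguarded mddev->pers dereference, since only these two are covered here.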
-- 
1.6.4



Index: kernel.spec
===================================================================
RCS file: /cvs/pkgs/rpms/kernel/F-10/kernel.spec,v
retrieving revision 1.1403
retrieving revision 1.1404
diff -u -p -r1.1403 -r1.1404
--- kernel.spec	19 Aug 2009 02:33:33 -0000	1.1403
+++ kernel.spec	19 Aug 2009 05:13:15 -0000	1.1404
@@ -763,6 +763,7 @@ Patch11040: add-fno-delete-null-pointer-
 Patch11060: personality-fix-per_clear_on_setid.patch
 Patch11070: execve-must-clear-current-clear_child_tid.patch
 Patch11080: make-mmap_min_addr-suck-less.patch
+Patch11090: md-avoid-dereferencing-NULL-ptr-suspend-sysfs.patch
 
 %endif
 
@@ -1446,6 +1447,9 @@ ApplyPatch execve-must-clear-current-cle
 
 ApplyPatch make-mmap_min_addr-suck-less.patch
 
+# CVE-2009-2849
+ApplyPatch md-avoid-dereferencing-NULL-ptr-suspend-sysfs.patch
+
 # ======= END OF PATCH APPLICATIONS =============================
 
 %endif
@@ -2022,10 +2026,12 @@ fi
 %kernel_variant_files -k vmlinux %{with_kdump} kdump
 
 %changelog
-* Tue Aug 18 2009 Kyle McMartin <kyle at redhat.com> 2.6.29.6-102
+* Tue Aug 18 2009 Kyle McMartin <kyle at redhat.com>
 - CVE-2009-2848: execve: must clear current->clear_child_tid
 - Backport several upstream commits 52dec22e739eec8f3a0154f768a599f5489048bd
   to improve mmap_min_addr.
+- CVE-2009-2849: md: avoid dereferencing null ptr when accessing suspend
+  sysfs attributes.
 
 * Tue Aug 18 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.29.6-99
 - Intel wireless fixes from Fedora 11:
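Review bot: The %changelog header line loses its version-release tag in this hunk: "2.6.29.6-102" is removed and nothing replaces it, while the next entry still carries "2.6.29.6-99". Without the tag, the entry cannot be matched to a built package when someone checks which kernel release picked up the CVE-2009-2849 fix. Suggest keeping the header in the same form as the other entries, with the release this build will actually carry.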



