rpms/kernel/F-11 linux-2.6-ecryptfs-overflow-fixes.patch, NONE, 1.1.2.1 kernel.spec, 1.1679, 1.1679.2.1
Chuck Ebbert
cebbert at fedoraproject.org
Wed Jul 29 16:48:26 UTC 2009
- Previous message (by thread): rpms/ndoutils/F-11 README.Fedora, NONE, 1.1 ndo-shared-so.patch, NONE, 1.1 ndo2db.cfg, NONE, 1.1 ndo2db.initd, NONE, 1.1 ndomod.cfg, NONE, 1.1 ndoutils.spec, NONE, 1.1 sources, 1.1, 1.2
- Next message (by thread): rpms/nautilus-sendto/devel .cvsignore, 1.22, 1.23 nautilus-sendto.spec, 1.78, 1.79 sources, 1.22, 1.23 nst-empathy-new-api-again.patch, 1.2, NONE
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: cebbert
Update of /cvs/pkgs/rpms/kernel/F-11
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv25215
Modified Files:
Tag: private-fedora-11-2_6_29_6
kernel.spec
Added Files:
Tag: private-fedora-11-2_6_29_6
linux-2.6-ecryptfs-overflow-fixes.patch
Log Message:
Fix eCryptfs overflow issues (CVE-2009-2406, CVE-2009-2407)
linux-2.6-ecryptfs-overflow-fixes.patch:
keystore.c | 13 +++++++++++++
1 file changed, 13 insertions(+)
--- NEW FILE linux-2.6-ecryptfs-overflow-fixes.patch ---
[PATCH 1/2] eCryptfs: Check Tag 11 literal data buffer size
Tag 11 packets are stored in the metadata section of an eCryptfs file to
store the key signature(s) used to encrypt the file encryption key.
After extracting the packet length field to determine the key signature
length, a check is not performed to see if the length would exceed the
key signature buffer size that was passed into parse_tag_11_packet().
Thanks to Ramon de Carvalho Valle for finding this bug using fsfuzzer.
Signed-off-by: Tyler Hicks <tyhicks at linux.vnet.ibm.com>
[PATCH 2/2] eCryptfs: parse_tag_3_packet check tag 3 packet encrypted key size
The parse_tag_3_packet function does not check if the tag 3 packet contains a
encrypted key size larger than ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES.
Signed-off-by: Ramon de Carvalho Valle <ramon at risesecurity.org>
[tyhicks at linux.vnet.ibm.com: Added printk newline and changed goto to out_free]
Signed-off-by: Tyler Hicks <tyhicks at linux.vnet.ibm.com>
---
fs/ecryptfs/keystore.c | 13 +++++++++++++
1 file changed, 13 insertions(+)
Index: linux-2.6.29.noarch/fs/ecryptfs/keystore.c
===================================================================
--- linux-2.6.29.noarch.orig/fs/ecryptfs/keystore.c
+++ linux-2.6.29.noarch/fs/ecryptfs/keystore.c
@@ -1304,6 +1304,13 @@ parse_tag_3_packet(struct ecryptfs_crypt
}
(*new_auth_tok)->session_key.encrypted_key_size =
(body_size - (ECRYPTFS_SALT_SIZE + 5));
+ if ((*new_auth_tok)->session_key.encrypted_key_size
+ > ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES) {
+ printk(KERN_WARNING "Tag 3 packet contains key larger "
+ "than ECRYPTFS_MAX_ENCRYPTED_KEY_BYTES\n");
+ rc = -EINVAL;
+ goto out_free;
+ }
if (unlikely(data[(*packet_size)++] != 0x04)) {
printk(KERN_WARNING "Unknown version number [%d]\n",
data[(*packet_size) - 1]);
@@ -1450,6 +1457,12 @@ parse_tag_11_packet(unsigned char *data,
rc = -EINVAL;
goto out;
}
+ if (unlikely((*tag_11_contents_size) > max_contents_bytes)) {
+ printk(KERN_ERR "Literal data section in tag 11 packet exceeds "
+ "expected size\n");
+ rc = -EINVAL;
+ goto out;
+ }
if (data[(*packet_size)++] != 0x62) {
printk(KERN_WARNING "Unrecognizable packet\n");
rc = -EINVAL;
Index: kernel.spec
===================================================================
RCS file: /cvs/pkgs/rpms/kernel/F-11/kernel.spec,v
retrieving revision 1.1679
retrieving revision 1.1679.2.1
diff -u -p -r1.1679 -r1.1679.2.1
--- kernel.spec 23 Jul 2009 18:05:37 -0000 1.1679
+++ kernel.spec 29 Jul 2009 16:48:25 -0000 1.1679.2.1
@@ -763,6 +763,7 @@ Patch2903: linux-2.6-revert-dvb-net-kabi
Patch3000: linux-2.6-btrfs-unstable-update.patch
Patch3010: linux-2.6-relatime-by-default.patch
Patch3020: linux-2.6-fiemap-header-install.patch
+Patch3030: linux-2.6-ecryptfs-overflow-fixes.patch
Patch5000: linux-2.6-add-qcserial.patch
@@ -1262,6 +1263,9 @@ ApplyPatch linux-2.6-execshield.patch
# btrfs
ApplyPatch linux-2.6-btrfs-unstable-update.patch
+# eCryptfs
+ApplyPatch linux-2.6-ecryptfs-overflow-fixes.patch
+
# relatime
ApplyPatch linux-2.6-relatime-by-default.patch
@@ -2109,6 +2113,9 @@ fi
# and build.
%changelog
+* Wed Jul 29 2009 Chuck Ebbert <cebbert at redhat.com> 2.6.29.6-218
+- Fix eCryptfs overflow issues (CVE-2009-2406, CVE-2009-2407)
+
* Thu Jul 23 2009 Kyle McMartin <kyle at redhat.com> 2.6.29.6-217
- Apply three patches requested by sgruszka at redhat.com:
- iwl3945-release-resources-before-shutting-down.patch
- Previous message (by thread): rpms/ndoutils/F-11 README.Fedora, NONE, 1.1 ndo-shared-so.patch, NONE, 1.1 ndo2db.cfg, NONE, 1.1 ndo2db.initd, NONE, 1.1 ndomod.cfg, NONE, 1.1 ndoutils.spec, NONE, 1.1 sources, 1.1, 1.2
- Next message (by thread): rpms/nautilus-sendto/devel .cvsignore, 1.22, 1.23 nautilus-sendto.spec, 1.78, 1.79 sources, 1.22, 1.23 nst-empathy-new-api-again.patch, 1.2, NONE
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-extras-commits
mailing list