Fwd: Linux Broadcom 5820 Cryptonet Driver Integer Overflow

Jon Peatfield J.S.Peatfield at damtp.cam.ac.uk
Fri Jul 2 14:00:23 UTC 2004


Ignore that; I found a mirror, and the patch is indeed tiny.  Anyone care
to comment on a proposed set of changes to 2.4.20-35.x.legacy?

diff -urwN ../rpmbuild.jp107/SOURCES/linux-2.4.18-missing-license-tags.patch ./SOURCES/linux-2.4.18-missing-license-tags.patch
--- ../rpmbuild.jp107/SOURCES/linux-2.4.18-missing-license-tags.patch	2003-12-09 22:31:06.000000000 +0000
+++ ./SOURCES/linux-2.4.18-missing-license-tags.patch	2004-07-02 14:50:38.000000000 +0100
@@ -21,15 +21,15 @@
  static char *driver_name = "SyncLink PC Card driver";
  static char *driver_version = "$Revision: 3.4 $";
  
-diff -urNp linux-10020/drivers/crypto/bcm/dispatch.c linux-10030/drivers/crypto/bcm/dispatch.c
---- linux-10020/drivers/crypto/bcm/dispatch.c	
-+++ linux-10030/drivers/crypto/bcm/dispatch.c	
-@@ -562,3 +562,5 @@ extern void  Linux_FreeDMAMemory(void * 
- 
- 	return;
- }
-+
-+MODULE_LICENSE("GPL");
+#diff -urNp linux-10020/drivers/crypto/bcm/dispatch.c linux-10030/drivers/crypto/bcm/dispatch.c
+#--- linux-10020/drivers/crypto/bcm/dispatch.c	
+#+++ linux-10030/drivers/crypto/bcm/dispatch.c	
+#@@ -562,3 +562,5 @@ extern void  Linux_FreeDMAMemory(void * 
+# 
+# 	return;
+# }
+#+
+#+MODULE_LICENSE("GPL");
 diff -urNp linux-10020/drivers/net/hamradio/soundmodem/sm.c linux-10030/drivers/net/hamradio/soundmodem/sm.c
 --- linux-10020/drivers/net/hamradio/soundmodem/sm.c	2001-04-18 23:40:05.000000000 +0200
 +++ linux-10030/drivers/net/hamradio/soundmodem/sm.c	
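Review bot: The dispatch.c section is disabled by prefixing each of its lines with `#`, which relies on patch(1) skipping those lines as text between diffs, and nothing in the file records why the section is off. Either delete the section outright or put a line such as `# dispatch.c section disabled: Broadcom 5820 driver patches 5090-5094 are not applied` above it, so that the coupling to the spec change is visible. The same point applies to the `#%patch5090 -p1` through `#%patch5094 -p1` lines in the %prep hunk of kernel-2.4.spec. The matching patch declarations and any kernel config entries for the driver are presumably still present outside the visible hunks, so it is worth confirming that the configs no longer select the driver and that the built packages do not ship its module.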
diff -urwN ../rpmbuild.jp107/SOURCES/linux-2.4.27pre-nfs-fchown.patch ./SOURCES/linux-2.4.27pre-nfs-fchown.patch
--- ../rpmbuild.jp107/SOURCES/linux-2.4.27pre-nfs-fchown.patch	1970-01-01 01:00:00.000000000 +0100
+++ ./SOURCES/linux-2.4.27pre-nfs-fchown.patch	2004-07-02 14:44:46.000000000 +0100
@@ -0,0 +1,12 @@
+--- linux-2.4.22/fs/attr.c~	2004-07-01 17:24:21.707391872 +0100
++++ linux-2.4.22/fs/attr.c	2004-07-01 17:24:40.733499464 +0100
+@@ -33,7 +33,8 @@
+ 
+ 	/* Make sure caller can chgrp. */
+ 	if ((ia_valid & ATTR_GID) &&
+-	    (!in_group_p(attr->ia_gid) && attr->ia_gid != inode->i_gid) &&
++	    (current->fsuid != inode->i_uid ||
++		(!in_group_p(attr->ia_gid) && attr->ia_gid != inode->i_gid)) &&
+ 	    !capable(CAP_CHOWN))
+ 		goto error;
+ 
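Review bot: The new patch file has no header saying what it fixes, and both its name and the spec comment `# Fix NFS fchown bug` point at NFS although the change is to the generic chgrp permission check in fs/attr.c. A first line such as `fs/attr.c: require file ownership before an unprivileged chgrp (CAN-2004-0497)`, using the id already given in the changelog entry, would state the rule: without CAP_CHOWN the caller must own the file (`current->fsuid == inode->i_uid`) and the new group must be one the caller belongs to or the file's current group. The diff was generated against linux-2.4.22 while the spec builds 2.4.20, so check the %prep output for offset or fuzz on this hunk, and add a regression check that a chgrp by a non-owner who is a member of the target group is refused. The enclosing function starts and ends outside the hunk.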
diff -urwN ../rpmbuild.jp107/SPECS/kernel-2.4.spec ./SPECS/kernel-2.4.spec
--- ../rpmbuild.jp107/SPECS/kernel-2.4.spec	2004-06-23 16:00:44.000000000 +0100
+++ ./SPECS/kernel-2.4.spec	2004-07-02 14:48:34.000000000 +0100
@@ -21,7 +21,7 @@
 # that the kernel isn't the stock RHL kernel, for example by
 # adding some text to the end of the version number.
 #
-%define release 35.9.legacy
+%define release 36.9.legacy
 %define sublevel 20
 %define kversion 2.4.%{sublevel}
 # /usr/src/%{kslnk} -> /usr/src/linux-%{KVERREL}
@@ -292,6 +292,7 @@
 Patch970: linux-2.4.25pre-selected-patches.legacy.patch
 Patch980: linux-2.4.26pre-selected-patches.legacy.patch
 Patch990: linux-2.4.27pre-fix-x86-clear_fpu-macro.patch
+Patch991: linux-2.4.27pre-nfs-fchown.patch
 
 #
 # Patches 1000 to 5000 are reserved for bugfixes to drivers and filesystems
@@ -760,6 +761,9 @@
 # Local DoS fix in clear_fpu macro
 %patch990 -p1
 
+# Fix NFS fchown bug
+%patch991 -p1
+
 #
 # Patches 1000 to 5000 are reserved for bugfixes to drivers and filesystems
 #
@@ -1129,12 +1133,14 @@
 %patch5030 -p1
 # ECC reporting module
 %patch5050 -p1
-# Broadcom 5820 driver
-%patch5090 -p1
-%patch5091 -p1
-%patch5092 -p1
-%patch5093 -p1
-%patch5094 -p1
+# Disable Broadcom driver at least until there is a proper fix
+## Broadcom 5820 driver
+#%patch5090 -p1
+#%patch5091 -p1
+#%patch5092 -p1
+#%patch5093 -p1
+#%patch5094 -p1
+
 # iSCSI driver, and fix
 %patch5120 -p1
 
@@ -1948,6 +1954,10 @@
 #
 
 %changelog
+* Thu Jul  1 2004 Dave Jones <davej at redhat.com>
+- add patch to fix missing checks in fchown() (CAN-2004-0497)
+- Drop Broadcom 5820 driver due to code quality concerns.
+
 * Fri Jun 18 2004 Dominic Hargreaves <dom at earth.li>
 - Fix memory leak in kernel/fork.c. (CAN-2004-0427)
 - Numerous userspace pointer reference bugs found with the sparse

I'll build this up shortly and let people know what I get...

 -- Jon




