reupdated #70681 and fixed CAN 0883

author: Guillaume Destuynder <kang@gentoo.org> 2004-11-28 22:46:15 +0000
committer: Guillaume Destuynder <kang@gentoo.org> 2004-11-28 22:46:15 +0000
commit: 1bf912bd0ea1e1643411a0e1e9f0a8a1ca04cdb9 (patch)
tree: cf57b076608d17e946c741a7055b0b16f77775c1 /sys-kernel/rsbac-dev-sources
parent: Mark stable on x86. (Manifest recommit) (diff)
download: gentoo-2-1bf912bd0ea1e1643411a0e1e9f0a8a1ca04cdb9.tar.gz
gentoo-2-1bf912bd0ea1e1643411a0e1e9f0a8a1ca04cdb9.tar.bz2
gentoo-2-1bf912bd0ea1e1643411a0e1e9f0a8a1ca04cdb9.zip
6 files changed, 129 insertions, 26 deletions
diff --git a/sys-kernel/rsbac-dev-sources/ChangeLog b/sys-kernel/rsbac-dev-sources/ChangeLog
index b2d4eb73397a..93e721a35e79 100644
--- a/sys-kernel/rsbac-dev-sources/ChangeLog
+++ b/sys-kernel/rsbac-dev-sources/ChangeLog
@@ -1,6 +1,11 @@
 # ChangeLog for sys-kernel/rsbac-dev-sources
 # Copyright 2000-2004 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-kernel/rsbac-dev-sources/ChangeLog,v 1.13 2004/11/13 16:45:25 swegener Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/rsbac-dev-sources/ChangeLog,v 1.14 2004/11/28 22:46:15 kang Exp $
+
+  28 Nov 2004; Guillaume Destuynder <kang@gentoo.org>
+  files/rsbac-dev-sources-2.6.7-70681-binfmt.patch,
+  -rsbac-dev-sources-2.6.7-r7.ebuild:
+  reupdated #79681, fixes CAN 0883
 
   13 Nov 2004; Sven Wegener <swegener@gentoo.org> :
   Removed stray digest.
diff --git a/sys-kernel/rsbac-dev-sources/Manifest b/sys-kernel/rsbac-dev-sources/Manifest
index db5bdf2a3f72..024ac015ae04 100644
--- a/sys-kernel/rsbac-dev-sources/Manifest
+++ b/sys-kernel/rsbac-dev-sources/Manifest
@@ -1,25 +1,16 @@
------BEGIN PGP SIGNED MESSAGE-----
-Hash: SHA1
-
-MD5 3879968e7ee1fc0e6ad99f0ab17ecef5 ChangeLog 3509
+MD5 01ef17f06d85c6ec0c221dd0c310e71d ChangeLog 3689
 MD5 ed6fb50f79e8049f3f3576bb25c32747 metadata.xml 465
-MD5 818a888099a93e2e2054b898e2c6f1f5 rsbac-dev-sources-2.6.7-r7.ebuild 1710
+MD5 25342107d15f90d88756fc353819ae6c rsbac-dev-sources-2.6.7-r8.ebuild 1756
 MD5 706d7794a822074aaf31502d7a7e48d3 files/2.6.7-cmdline.patch 455
 MD5 b6e38b41c8a79943df2ab2642149d06f files/rsbac-dev-sources-CAN-2004-0497.patch 2214
 MD5 f0e12ba218f53c2694a91259bdc2fdc7 files/rsbac-dev-sources-CAN-2004-0596.patch 494
 MD5 263a9f529a3b80e2c91340a73c0c5920 files/rsbac-dev-sources-CAN-2004-0816.patch 1445
 MD5 6451bd210935a3978fd3a3edac673591 files/rsbac-dev-sources-iptables-dos.patch 389
 MD5 a869ab037c7e264df5f8e899864f08e9 files/rsbac-dev-sources-v1.2.3-3.patch 557
-MD5 fd024d5229ee08ef90d6a532bdf99977 files/digest-rsbac-dev-sources-2.6.7-r7 281
 MD5 6197e52bf5742c3f61716fe6a681055c files/rsbac-bugfix-v1.2.3-6.diff 13068
 MD5 97a40292e0b33025c43888a20190ef29 files/rsbac-bugfix-v1.2.3-ao-01.diff 1180
 MD5 b70bcb7c4896526b671f12695522cb0e files/rsbac-bugfix-v1.2.3-kang-01.diff 510
 MD5 452e04a312368605e145428c35bd0e05 files/rsbac-dev-sources-2.6.7-62524-ptmx.patch 572
-MD5 1ee8ba8362089c31fdd7d88b32eaf63e files/rsbac-dev-sources-2.6.7-70681-binfmt.patch 1938
------BEGIN PGP SIGNATURE-----
-Version: GnuPG v1.9.10 (GNU/Linux)
-
-iD8DBQFBljovI1lqEGTUzyQRAjilAJ9d3RiiN0sqQIvdhNe8wRSBXiK5xACeNCiS
-NHjMk14RfDMqiE9OCu9GuIM=
-=Naj3
------END PGP SIGNATURE-----
+MD5 accdbfc81ddc59d568ed845b5972f10a files/rsbac-dev-sources-2.6.7-70681-binfmt.patch 2606
+MD5 7872d0af6e27fb6007833b113097bb34 files/rsbac-dev-sources-2.6.7-CAN-2004-0883.patch 3357
+MD5 fd024d5229ee08ef90d6a532bdf99977 files/digest-rsbac-dev-sources-2.6.7-r8 281
diff --git a/sys-kernel/rsbac-dev-sources/files/digest-rsbac-dev-sources-2.6.7-r7 b/sys-kernel/rsbac-dev-sources/files/digest-rsbac-dev-sources-2.6.7-r8
index 354ef30ca678..354ef30ca678 100644
--- a/sys-kernel/rsbac-dev-sources/files/digest-rsbac-dev-sources-2.6.7-r7
+++ b/sys-kernel/rsbac-dev-sources/files/digest-rsbac-dev-sources-2.6.7-r8
diff --git a/sys-kernel/rsbac-dev-sources/files/rsbac-dev-sources-2.6.7-70681-binfmt.patch b/sys-kernel/rsbac-dev-sources/files/rsbac-dev-sources-2.6.7-70681-binfmt.patch
index 9ca23675f25d..c0f90a5dfbd8 100644
--- a/sys-kernel/rsbac-dev-sources/files/rsbac-dev-sources-2.6.7-70681-binfmt.patch
+++ b/sys-kernel/rsbac-dev-sources/files/rsbac-dev-sources-2.6.7-70681-binfmt.patch
@@ -1,6 +1,7 @@
---- linux-2.6.7-uc0-r8/fs/binfmt_elf.c	2004-11-12 11:50:08 -08:00
-+++ linux-2.6.7-uc0-r8-plasmaroo/fs/binfmt_elf.c	2004-11-12 11:50:08 -08:00
-@@ -335,9 +335,12 @@
+diff -X /usr/src/dontdiff -urNp linux-2.6.7-gentoo-r16/fs/binfmt_elf.c linux-dsd/fs/binfmt_elf.c
+--- linux-2.6.7-gentoo-r16/fs/binfmt_elf.c	2004-06-16 06:19:22.000000000 +0100
++++ linux-dsd/fs/binfmt_elf.c	2004-11-24 16:24:00.301979976 +0000
+@@ -332,9 +332,12 @@ static unsigned long load_elf_interp(str
  		goto out;
  
  	retval = kernel_read(interpreter,interp_elf_ex->e_phoff,(char *)elf_phdata,size);
@@ -15,20 +16,30 @@
  
  	eppnt = elf_phdata;
  	for (i=0; i<interp_elf_ex->e_phnum; i++, eppnt++) {
-@@ -532,8 +535,11 @@
+@@ -520,8 +523,11 @@ static int load_elf_binary(struct linux_
  		goto out;
  
  	retval = kernel_read(bprm->file, elf_ex.e_phoff, (char *) elf_phdata, size);
 -	if (retval < 0)
 +	if (retval != size) {
-+		if (retval >= 0)
++		if (retval < 0)
 +			retval = -EIO;
  		goto out_free_ph;
 +	}
  
  	files = current->files;		/* Refcounted so ok */
  	retval = unshare_files();
-@@ -580,8 +586,14 @@
+@@ -558,7 +564,8 @@ static int load_elf_binary(struct linux_
+ 			 */
+ 
+ 			retval = -ENOMEM;
+-			if (elf_ppnt->p_filesz > PATH_MAX)
++			if (elf_ppnt->p_filesz > PATH_MAX || 
++			    elf_ppnt->p_filesz == 0)
+ 				goto out_free_file;
+ 			elf_interpreter = (char *) kmalloc(elf_ppnt->p_filesz,
+ 							   GFP_KERNEL);
+@@ -568,8 +575,16 @@ static int load_elf_binary(struct linux_
  			retval = kernel_read(bprm->file, elf_ppnt->p_offset,
  					   elf_interpreter,
  					   elf_ppnt->p_filesz);
@@ -39,12 +50,14 @@
  				goto out_free_interp;
 +			}
 +			/* make sure path is NULL terminated */
-+			elf_interpreter[elf_ppnt->p_filesz - 1] = '\0';
++			retval = -EINVAL;
++			if (elf_interpreter[elf_ppnt->p_filesz - 1] != '\0')
++				goto out_free_interp;
 +
  			/* If the program interpreter is one of these two,
  			 * then assume an iBCS2 image. Otherwise assume
  			 * a native linux image.
-@@ -616,8 +628,11 @@
+@@ -604,8 +619,11 @@ static int load_elf_binary(struct linux_
  			if (IS_ERR(interpreter))
  				goto out_free_interp;
  			retval = kernel_read(interpreter, 0, bprm->buf, BINPRM_BUF_SIZE);
@@ -56,8 +69,8 @@
 +			}
  
  			/* Get the exec headers */
- 			loc->interp_ex = *((struct exec *) bprm->buf);
-@@ -776,8 +791,10 @@
+ 			interp_ex = *((struct exec *) bprm->buf);
+@@ -757,8 +775,10 @@ static int load_elf_binary(struct linux_
  		}
  
  		error = elf_map(bprm->file, load_bias + vaddr, elf_ppnt, elf_prot, elf_flags);
diff --git a/sys-kernel/rsbac-dev-sources/files/rsbac-dev-sources-2.6.7-CAN-2004-0883.patch b/sys-kernel/rsbac-dev-sources/files/rsbac-dev-sources-2.6.7-CAN-2004-0883.patch
new file mode 100644
index 000000000000..74840e628699
--- /dev/null
+++ b/sys-kernel/rsbac-dev-sources/files/rsbac-dev-sources-2.6.7-CAN-2004-0883.patch
@@ -0,0 +1,93 @@
+diff -urN linux-2.6.7-hardened-r14/fs/smbfs/proc.c linux-2.6.7-hardened-r15/fs/smbfs/proc.c
+--- linux-2.6.7-hardened-r14/fs/smbfs/proc.c	2004-11-24 12:46:34.000000000 -0500
++++ linux-2.6.7-hardened-r15/fs/smbfs/proc.c	2004-11-24 12:53:38.883511896 -0500
+@@ -1423,9 +1423,9 @@
+ 	 * So we must first calculate the amount of padding used by the server.
+ 	 */
+ 	data_off -= hdrlen;
+-	if (data_off > SMB_READX_MAX_PAD) {
+-		PARANOIA("offset is larger than max pad!\n");
+-		PARANOIA("%d > %d\n", data_off, SMB_READX_MAX_PAD);
++	if (data_off > SMB_READX_MAX_PAD || data_off < 0) {
++		PARANOIA("offset is larger than SMB_READX_MAX_PAD or negative!\n");
++		PARANOIA("%d > %d || %d < 0\n", data_off, SMB_READX_MAX_PAD, data_off);
+ 		req->rq_rlen = req->rq_bufsize + 1;
+ 		return;
+ 	}
+diff -urN linux-2.6.7-hardened-r14/fs/smbfs/request.c linux-2.6.7-hardened-r15/fs/smbfs/request.c
+--- linux-2.6.7-hardened-r14/fs/smbfs/request.c	2004-11-24 12:46:34.000000000 -0500
++++ linux-2.6.7-hardened-r15/fs/smbfs/request.c	2004-11-24 12:53:38.885511592 -0500
+@@ -588,6 +588,10 @@
+ 	data_count  = WVAL(inbuf, smb_drcnt);
+ 
+ 	/* Modify offset for the split header/buffer we use */
++	if (data_offset < hdrlen)
++		goto out_bad_data;
++	if (parm_offset < hdrlen)
++		goto out_bad_parm;
+ 	data_offset -= hdrlen;
+ 	parm_offset -= hdrlen;
+ 
+@@ -607,6 +611,10 @@
+ 		req->rq_lparm = parm_count;
+ 		req->rq_data = req->rq_buffer + data_offset;
+ 		req->rq_parm = req->rq_buffer + parm_offset;
++		if (parm_offset + parm_count > req->rq_rlen)
++			goto out_bad_parm;
++		if (data_offset + data_count > req->rq_rlen)
++			goto out_bad_data;
+ 		return 0;
+ 	}
+ 
+@@ -634,6 +642,7 @@
+ 		req->rq_trans2buffer = smb_kmalloc(buf_len, GFP_NOFS);
+ 		if (!req->rq_trans2buffer)
+ 			goto out_no_mem;
++		memset(req->rq_trans2buffer, 0, buf_len);
+ 
+ 		req->rq_parm = req->rq_trans2buffer;
+ 		req->rq_data = req->rq_trans2buffer + parm_tot;
+@@ -643,8 +652,12 @@
+ 
+ 	if (parm_disp + parm_count > req->rq_total_parm)
+ 		goto out_bad_parm;
++	if (parm_offset + parm_count > req->rq_rlen)
++		goto out_bad_parm;
+ 	if (data_disp + data_count > req->rq_total_data)
+ 		goto out_bad_data;
++	if (data_offset + data_count > req->rq_rlen)
++		goto out_bad_data;
+ 
+ 	inbuf = req->rq_buffer;
+ 	memcpy(req->rq_parm + parm_disp, inbuf + parm_offset, parm_count);
+@@ -657,8 +670,11 @@
+ 	 * Check whether we've received all of the data. Note that
+ 	 * we use the packet totals -- total lengths might shrink!
+ 	 */
+-	if (req->rq_ldata >= data_tot && req->rq_lparm >= parm_tot)
++	if (req->rq_ldata >= data_tot && req->rq_lparm >= parm_tot) {
++		req->rq_ldata = data_tot;
++		req->rq_lparm = parm_tot;
+ 		return 0;
++	}
+ 	return 1;
+ 
+ out_too_long:
+@@ -676,13 +692,13 @@
+ 	req->rq_errno = -EIO;
+ 	goto out;
+ out_bad_parm:
+-	printk(KERN_ERR "smb_trans2: invalid parms, disp=%d, cnt=%d, tot=%d\n",
+-	       parm_disp, parm_count, parm_tot);
++	printk(KERN_ERR "smb_trans2: invalid parms, disp=%d, cnt=%d, tot=%d, ofs=%d\n",
++	       parm_disp, parm_count, parm_tot, parm_offset);
+ 	req->rq_errno = -EIO;
+ 	goto out;
+ out_bad_data:
+-	printk(KERN_ERR "smb_trans2: invalid data, disp=%d, cnt=%d, tot=%d\n",
+-	       data_disp, data_count, data_tot);
++	printk(KERN_ERR "smb_trans2: invalid data, disp=%d, cnt=%d, tot=%d, ofs=%d\n",
++	       data_disp, data_count, data_tot, data_offset);
+ 	req->rq_errno = -EIO;
+ out:
+ 	return req->rq_errno;
diff --git a/sys-kernel/rsbac-dev-sources/rsbac-dev-sources-2.6.7-r7.ebuild b/sys-kernel/rsbac-dev-sources/rsbac-dev-sources-2.6.7-r8.ebuild
index 1e6f91753b17..63eb3c55a56f 100644
--- a/sys-kernel/rsbac-dev-sources/rsbac-dev-sources-2.6.7-r7.ebuild
+++ b/sys-kernel/rsbac-dev-sources/rsbac-dev-sources-2.6.7-r8.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2004 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-kernel/rsbac-dev-sources/rsbac-dev-sources-2.6.7-r7.ebuild,v 1.1 2004/11/13 13:20:27 kang Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/rsbac-dev-sources/rsbac-dev-sources-2.6.7-r8.ebuild,v 1.1 2004/11/28 22:46:15 kang Exp $
 
 IUSE=""
 ETYPE="sources"
@@ -18,6 +18,7 @@ RGPV_SRC="mirror://rsbac-patches-${KV_MAJOR}.${KV_MINOR}-${RGPV}.tar.bz2"
 
 UNIPATCH_STRICTORDER="yes"
 UNIPATCH_LIST="${FILESDIR}/${PN}-iptables-dos.patch
+	${FILESDIR}/${PN}-${OKV}-CAN-2004-0883.patch
 	${FILESDIR}/${PN}-CAN-2004-0497.patch
 	${FILESDIR}/${PN}-CAN-2004-0596.patch
 	${FILESDIR}/${OKV}-cmdline.patch
author	Guillaume Destuynder <kang@gentoo.org>	2004-11-28 22:46:15 +0000
committer	Guillaume Destuynder <kang@gentoo.org>	2004-11-28 22:46:15 +0000
commit	1bf912bd0ea1e1643411a0e1e9f0a8a1ca04cdb9 (patch)
tree	cf57b076608d17e946c741a7055b0b16f77775c1 /sys-kernel/rsbac-dev-sources
parent	Mark stable on x86. (Manifest recommit) (diff)
download	gentoo-2-1bf912bd0ea1e1643411a0e1e9f0a8a1ca04cdb9.tar.gz gentoo-2-1bf912bd0ea1e1643411a0e1e9f0a8a1ca04cdb9.tar.bz2 gentoo-2-1bf912bd0ea1e1643411a0e1e9f0a8a1ca04cdb9.zip