[Xen-changelog] [xen-3.1-testing] CVE-2008-0600: Fix exploitable hole in vmsplice() syscall.

["Xen patchbot-3.1-testing" <patchbot-3.1-testing@xxxxxxxxxxxxxxxxxxx>]

# HG changeset patch
# User Keir Fraser <keir.fraser@xxxxxxxxxx>
# Date 1203345191 0
# Node ID c4e0558a0385275bd9ba1086163638c922c596ca
# Parent  69dd582e3850e96c00d5b212e163f6ee6bf80ff7
CVE-2008-0600: Fix exploitable hole in vmsplice() syscall.
Fix is Al Viro's suggested patch for RHEL5.
Signed-off-by: Keir Fraser <keir.fraser@xxxxxxxxxx>
linux-2.6.18-xen changeset:   416:08e85e79c65d0316bfda5e77e8a0dc7ab9ca181a
linux-2.6.18-xen date:        Mon Feb 11 11:05:27 2008 +0000
---
 patches/linux-2.6.18.8/linux-2.6.18-xen-416-08e85e79c65d |   18 +++++++++++++++
 patches/linux-2.6.18.8/series                            |    1 
 2 files changed, 19 insertions(+)

diff -r 69dd582e3850 -r c4e0558a0385 
patches/linux-2.6.18.8/linux-2.6.18-xen-416-08e85e79c65d
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/patches/linux-2.6.18.8/linux-2.6.18-xen-416-08e85e79c65d  Mon Feb 18 
14:33:11 2008 +0000
@@ -0,0 +1,22 @@
+# HG changeset patch
+# User Keir Fraser <keir.fraser@xxxxxxxxxx>
+# Date 1202727927 0
+# Node ID 08e85e79c65d0316bfda5e77e8a0dc7ab9ca181a
+# Parent  90fbf541d772e9df4e7a4be3ed667d9bac5412c0
+CVE-2008-0600: Fix exploitable hole in vmsplice() syscall.
+Fix is Al Viro's suggested patch for RHEL5.
+Signed-off-by: Keir Fraser <keir.fraser@xxxxxxxxxx>
+
+diff -r 90fbf541d772 -r 08e85e79c65d fs/splice.c
+--- a/fs/splice.c      Mon Feb 11 10:19:25 2008 +0000
++++ b/fs/splice.c      Mon Feb 11 11:05:27 2008 +0000
+@@ -1141,6 +1141,9 @@ static int get_iovec_page_array(const st
+               if (unlikely(!base))
+                       break;
+ 
++              if (unlikely(!access_ok(VERIFY_READ, base, len)))
++                      break;
++
+               /*
+                * Get this base offset and number of pages, then map
+                * in the user pages.
diff -r 69dd582e3850 -r c4e0558a0385 patches/linux-2.6.18.8/series
--- a/patches/linux-2.6.18.8/series     Mon Feb 18 14:29:50 2008 +0000
+++ b/patches/linux-2.6.18.8/series     Mon Feb 18 14:33:11 2008 +0000
@@ -24,3 +24,4 @@ linux-2.6.18-xen-375-748cd890ea7f
 linux-2.6.18-xen-375-748cd890ea7f
 linux-2.6.18-xen-376-353802ec1caf
 linux-2.6.18-xen-405-369b676a3243
+linux-2.6.18-xen-416-08e85e79c65d

_______________________________________________
Xen-changelog mailing list
Xen-changelog@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-changelog