Version bump for the binfmt_elf security vulnerability, bug #70681.

author: Tim Yamin <plasmaroo@gentoo.org> 2004-11-12 19:57:20 +0000
committer: Tim Yamin <plasmaroo@gentoo.org> 2004-11-12 19:57:20 +0000
commit: 4b0c2acd0ec584670c6f563a23418323b889e739 (patch)
tree: 5378acba932e5715a79e7cda57745ca7eb9edce4 /sys-kernel/uclinux-sources
parent: Initial ebuild, submitted by Martin Scmitz <martin@linux-tv.org> and Peter To... (diff)
download: gentoo-2-4b0c2acd0ec584670c6f563a23418323b889e739.tar.gz
gentoo-2-4b0c2acd0ec584670c6f563a23418323b889e739.tar.bz2
gentoo-2-4b0c2acd0ec584670c6f563a23418323b889e739.zip
7 files changed, 158 insertions, 3 deletions
diff --git a/sys-kernel/uclinux-sources/ChangeLog b/sys-kernel/uclinux-sources/ChangeLog
index 6e153df729f7..e42fae30e5d8 100644
--- a/sys-kernel/uclinux-sources/ChangeLog
+++ b/sys-kernel/uclinux-sources/ChangeLog
@@ -1,6 +1,15 @@
 # ChangeLog for sys-kernel/uclinux-sources
 # Copyright 2000-2004 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-kernel/uclinux-sources/ChangeLog,v 1.20 2004/11/09 19:27:14 plasmaroo Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/uclinux-sources/ChangeLog,v 1.21 2004/11/12 19:57:20 plasmaroo Exp $
+
+*uclinux-sources-2.6.7_p0-r8 (12 Nov 2004)
+
+  12 Nov 2004; <plasmaroo@gentoo.org> -uclinux-sources-2.4.26_p0-r7.ebuild,
+  +uclinux-sources-2.4.26_p0-r8.ebuild, -uclinux-sources-2.6.7_p0-r7.ebuild,
+  +uclinux-sources-2.6.7_p0-r8.ebuild,
+  +files/uclinux-sources-2.4.26_p0.binfmt_elf.patch,
+  +files/uclinux-sources-2.6.binfmt_elf.patch:
+  Version bump for the binfmt_elf security vulnerability, bug #70681.
 
 *uclinux-sources-2.4.26_p0-r7 (09 Nov 2004)
 
diff --git a/sys-kernel/uclinux-sources/files/digest-uclinux-sources-2.4.26_p0-r7 b/sys-kernel/uclinux-sources/files/digest-uclinux-sources-2.4.26_p0-r8
index 8629e7c2dfd9..8629e7c2dfd9 100644
--- a/sys-kernel/uclinux-sources/files/digest-uclinux-sources-2.4.26_p0-r7
+++ b/sys-kernel/uclinux-sources/files/digest-uclinux-sources-2.4.26_p0-r8
diff --git a/sys-kernel/uclinux-sources/files/digest-uclinux-sources-2.6.7_p0-r7 b/sys-kernel/uclinux-sources/files/digest-uclinux-sources-2.6.7_p0-r8
index 23b9296ce2d4..23b9296ce2d4 100644
--- a/sys-kernel/uclinux-sources/files/digest-uclinux-sources-2.6.7_p0-r7
+++ b/sys-kernel/uclinux-sources/files/digest-uclinux-sources-2.6.7_p0-r8
diff --git a/sys-kernel/uclinux-sources/files/uclinux-sources-2.4.26_p0.binfmt_elf.patch b/sys-kernel/uclinux-sources/files/uclinux-sources-2.4.26_p0.binfmt_elf.patch
new file mode 100644
index 000000000000..534e4c064a52
--- /dev/null
+++ b/sys-kernel/uclinux-sources/files/uclinux-sources-2.4.26_p0.binfmt_elf.patch
@@ -0,0 +1,72 @@
+--- linux-2.4.27/fs/binfmt_elf.c	2004-11-10 12:25:16 -08:00
++++ linux-2.4.27-plasmaroo/fs/binfmt_elf.c	2004-11-10 12:25:16 -08:00
+@@ -335,9 +335,12 @@
+ 		goto out;
+ 
+ 	retval = kernel_read(interpreter,interp_elf_ex->e_phoff,(char *)elf_phdata,size);
+-	error = retval;
+-	if (retval < 0)
++	error = -EIO;
++	if (retval != size) {
++		if (retval < 0)
++			error = retval;	
+ 		goto out_close;
++	}
+ 
+ 	eppnt = elf_phdata;
+ 	for (i=0; i<interp_elf_ex->e_phnum; i++, eppnt++) {
+@@ -532,8 +535,11 @@
+ 		goto out;
+ 
+ 	retval = kernel_read(bprm->file, elf_ex.e_phoff, (char *) elf_phdata, size);
+-	if (retval < 0)
++	if (retval != size) {
++		if (retval >= 0)
++			retval = -EIO;
+ 		goto out_free_ph;
++	}
+ 		
+ 	files = current->files;		/* Refcounted so ok */
+ 	retval = unshare_files();
+@@ -580,8 +586,14 @@
+ 			retval = kernel_read(bprm->file, elf_ppnt->p_offset,
+ 					   elf_interpreter,
+ 					   elf_ppnt->p_filesz);
+-			if (retval < 0)
++			if (retval != elf_ppnt->p_filesz) {
++				if (retval >= 0)
++					retval = -EIO;
+ 				goto out_free_interp;
++			}
++			/* make sure path is NULL terminated */
++			elf_interpreter[elf_ppnt->p_filesz - 1] = '\0';
++
+ 			/* If the program interpreter is one of these two,
+ 			 * then assume an iBCS2 image. Otherwise assume
+ 			 * a native linux image.
+@@ -616,8 +628,11 @@
+ 			if (IS_ERR(interpreter))
+ 				goto out_free_interp;
+ 			retval = kernel_read(interpreter, 0, bprm->buf, BINPRM_BUF_SIZE);
+-			if (retval < 0)
++			if (retval != BINPRM_BUF_SIZE) {
++				if (retval >= 0)
++					retval = -EIO;
+ 				goto out_free_dentry;
++			}
+ 
+ 			/* Get the exec headers */
+ 			loc->interp_ex = *((struct exec *) bprm->buf);
+@@ -776,8 +791,10 @@
+ 		}
+ 
+ 		error = elf_map(bprm->file, load_bias + vaddr, elf_ppnt, elf_prot, elf_flags);
+-		if (BAD_ADDR(error))
+-			continue;
++		if (BAD_ADDR(error)) {
++			send_sig(SIGKILL, current, 0);
++			goto out_free_dentry;
++		}
+ 
+ 		if (!load_addr_set) {
+ 			load_addr_set = 1;
diff --git a/sys-kernel/uclinux-sources/files/uclinux-sources-2.6.binfmt_elf.patch b/sys-kernel/uclinux-sources/files/uclinux-sources-2.6.binfmt_elf.patch
new file mode 100644
index 000000000000..9ca23675f25d
--- /dev/null
+++ b/sys-kernel/uclinux-sources/files/uclinux-sources-2.6.binfmt_elf.patch
@@ -0,0 +1,72 @@
+--- linux-2.6.7-uc0-r8/fs/binfmt_elf.c	2004-11-12 11:50:08 -08:00
++++ linux-2.6.7-uc0-r8-plasmaroo/fs/binfmt_elf.c	2004-11-12 11:50:08 -08:00
+@@ -335,9 +335,12 @@
+ 		goto out;
+ 
+ 	retval = kernel_read(interpreter,interp_elf_ex->e_phoff,(char *)elf_phdata,size);
+-	error = retval;
+-	if (retval < 0)
++	error = -EIO;
++	if (retval != size) {
++		if (retval < 0)
++			error = retval;	
+ 		goto out_close;
++	}
+ 
+ 	eppnt = elf_phdata;
+ 	for (i=0; i<interp_elf_ex->e_phnum; i++, eppnt++) {
+@@ -532,8 +535,11 @@
+ 		goto out;
+ 
+ 	retval = kernel_read(bprm->file, elf_ex.e_phoff, (char *) elf_phdata, size);
+-	if (retval < 0)
++	if (retval != size) {
++		if (retval >= 0)
++			retval = -EIO;
+ 		goto out_free_ph;
++	}
+ 
+ 	files = current->files;		/* Refcounted so ok */
+ 	retval = unshare_files();
+@@ -580,8 +586,14 @@
+ 			retval = kernel_read(bprm->file, elf_ppnt->p_offset,
+ 					   elf_interpreter,
+ 					   elf_ppnt->p_filesz);
+-			if (retval < 0)
++			if (retval != elf_ppnt->p_filesz) {
++				if (retval >= 0)
++					retval = -EIO;
+ 				goto out_free_interp;
++			}
++			/* make sure path is NULL terminated */
++			elf_interpreter[elf_ppnt->p_filesz - 1] = '\0';
++
+ 			/* If the program interpreter is one of these two,
+ 			 * then assume an iBCS2 image. Otherwise assume
+ 			 * a native linux image.
+@@ -616,8 +628,11 @@
+ 			if (IS_ERR(interpreter))
+ 				goto out_free_interp;
+ 			retval = kernel_read(interpreter, 0, bprm->buf, BINPRM_BUF_SIZE);
+-			if (retval < 0)
++			if (retval != BINPRM_BUF_SIZE) {
++				if (retval >= 0)
++					retval = -EIO;
+ 				goto out_free_dentry;
++			}
+ 
+ 			/* Get the exec headers */
+ 			loc->interp_ex = *((struct exec *) bprm->buf);
+@@ -776,8 +791,10 @@
+ 		}
+ 
+ 		error = elf_map(bprm->file, load_bias + vaddr, elf_ppnt, elf_prot, elf_flags);
+-		if (BAD_ADDR(error))
+-			continue;
++		if (BAD_ADDR(error)) {
++			send_sig(SIGKILL, current, 0);
++			goto out_free_dentry;
++		}
+ 
+ 		if (!load_addr_set) {
+ 			load_addr_set = 1;
diff --git a/sys-kernel/uclinux-sources/uclinux-sources-2.4.26_p0-r7.ebuild b/sys-kernel/uclinux-sources/uclinux-sources-2.4.26_p0-r8.ebuild
index 67103cc3f15b..25aff5630860 100644
--- a/sys-kernel/uclinux-sources/uclinux-sources-2.4.26_p0-r7.ebuild
+++ b/sys-kernel/uclinux-sources/uclinux-sources-2.4.26_p0-r8.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2004 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-kernel/uclinux-sources/uclinux-sources-2.4.26_p0-r7.ebuild,v 1.1 2004/11/09 19:27:14 plasmaroo Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/uclinux-sources/uclinux-sources-2.4.26_p0-r8.ebuild,v 1.1 2004/11/12 19:57:20 plasmaroo Exp $
 
 IUSE=""
 
@@ -57,6 +57,7 @@ src_unpack() {
 	epatch ${FILESDIR}/${P}.FPULockup-53804.patch || die "Failed to apply FPU-lockup patch!"
 	epatch ${FILESDIR}/${P}.cmdlineLeak.patch || die "Failed to apply the /proc/cmdline patch!"
 	epatch ${FILESDIR}/${P}.XDRWrapFix.patch || die "Failed to apply the kNFSd XDR patch!"
+	epatch ${FILESDIR}/${P}.binfmt_elf.patch || die "Failed to apply the binfmt_elf patch!"
 
 	kernel_universal_unpack
 	set ARCH=${MY_ARCH}
diff --git a/sys-kernel/uclinux-sources/uclinux-sources-2.6.7_p0-r7.ebuild b/sys-kernel/uclinux-sources/uclinux-sources-2.6.7_p0-r8.ebuild
index db82cb425c1d..df3c58e05365 100644
--- a/sys-kernel/uclinux-sources/uclinux-sources-2.6.7_p0-r7.ebuild
+++ b/sys-kernel/uclinux-sources/uclinux-sources-2.6.7_p0-r8.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2004 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-kernel/uclinux-sources/uclinux-sources-2.6.7_p0-r7.ebuild,v 1.1 2004/11/09 19:27:14 plasmaroo Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/uclinux-sources/uclinux-sources-2.6.7_p0-r8.ebuild,v 1.1 2004/11/12 19:57:20 plasmaroo Exp $
 
 IUSE=""
 
@@ -50,6 +50,7 @@ src_unpack() {
 	epatch ${FILESDIR}/${PN}-2.6.cmdlineLeak.patch || die "Failed to apply the /proc/cmdline patch!"
 	epatch ${FILESDIR}/${PN}-2.6.CAN-2004-0816.patch || die "Failed to apply the CAN-2004-0816 patch!"
 	epatch ${FILESDIR}/${PN}-2.6.devPtmx.patch || die "Failed to apply /dev/ptmx patch!"
+	epatch ${FILESDIR}/${PN}-2.6.binfmt_elf.patch || die "Failed to apply binfmt_elf patch!"
 
 	set MY_ARCH=${ARCH}
 	unset ARCH
author	Tim Yamin <plasmaroo@gentoo.org>	2004-11-12 19:57:20 +0000
committer	Tim Yamin <plasmaroo@gentoo.org>	2004-11-12 19:57:20 +0000
commit	4b0c2acd0ec584670c6f563a23418323b889e739 (patch)
tree	5378acba932e5715a79e7cda57745ca7eb9edce4 /sys-kernel/uclinux-sources
parent	Initial ebuild, submitted by Martin Scmitz <martin@linux-tv.org> and Peter To... (diff)
download	gentoo-2-4b0c2acd0ec584670c6f563a23418323b889e739.tar.gz gentoo-2-4b0c2acd0ec584670c6f563a23418323b889e739.tar.bz2 gentoo-2-4b0c2acd0ec584670c6f563a23418323b889e739.zip