tags 464945 patch

On Sun, Feb 10, 2008 at 03:19:20AM +0300, Okulov Vitaliy wrote:
> Just try exploit from http://www.milw0rm.com/exploits/5092 at my
> linux-image-2.6.18-5-686 kernel. And it works. Please backport patch
> from 2.6.24.1 kernel (CVE-2008-0009/10).

Preliminary patch, it includes more checks than the update in 2.6.24.1.
It at least fixes the exploit.

Bastian

diff --git a/fs/splice.c b/fs/splice.c index 684bca3..2d7e598 100644 --- a/fs/splice.c +++ b/fs/splice.c @@ -1122,6 +1122,11 @@ static int get_iovec_page_array(const struct iovec __user *iov, size_t len; int i; + if (!access_ok(VERIFY_READ, iov, sizeof(struct iovec))) { + error = -EFAULT; + break; + } + /* * Get user address base and length for this iovec. */ @@ -1141,6 +1146,11 @@ static int get_iovec_page_array(const struct iovec __user *iov, if (unlikely(!base)) break; + if (!access_ok(VERIFY_READ, base, len)) { + error = -EFAULT; + break; + } + /* * Get this base offset and number of pages, then map * in the user pages.
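
Review bot: the access_ok(VERIFY_READ, iov, sizeof(struct iovec)) test added in the first hunk, ahead of the "Get user address base and length for this iovec" step, carries no comment saying what it guards against, and the cover message says this patch has more checks than the 2.6.24.1 update. If the reads of iov that follow go through get_user(), which performs its own range check on the pointer, this test is redundant. Either drop it so the backport stays close to upstream, or keep it with a one-line comment stating why the extra check is wanted on this kernel.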
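
Review bot: the access_ok(VERIFY_READ, base, len) test added in the second hunk, between `if (unlikely(!base)) break;` and the "Get this base offset and number of pages" step, has no block comment although the neighbouring steps each have one. Since base and len are taken from the user-supplied iovec, a short comment that the range must lie entirely in user space before its pages are mapped would record why the check sits exactly here. The condition could also be written as `if (unlikely(!access_ok(VERIFY_READ, base, len)))` to match the branch hint on the `!base` test directly above it.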