Patching for binfmt_elf security vulnerability, bug #70681.

4 files changed, 90 insertions, 11 deletions

diff --git a/sys-kernel/ac-sources/ChangeLog b/sys-kernel/ac-sources/ChangeLog
index de22b61ece78..7bf201dde612 100644
--- a/sys-kernel/ac-sources/ChangeLog
+++ b/sys-kernel/ac-sources/ChangeLog
@@ -1,6 +1,10 @@
 # ChangeLog for sys-kernel/ac-sources
 # Copyright 1999-2004 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-kernel/ac-sources/ChangeLog,v 1.40 2004/11/09 14:22:47 lostlogic Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/ac-sources/ChangeLog,v 1.41 2004/11/12 17:54:39 plasmaroo Exp $
+
+  12 Nov 2004; <plasmaroo@gentoo.org> ac-sources-2.6.9-r7.ebuild,
+  +files/ac-sources-2.6.9.binfmt_elf.patch:
+  Patching for binfmt_elf security vulnerability, bug #70681.
 
 *ac-sources-2.6.9-r7 (09 Nov 2004)
 
diff --git a/sys-kernel/ac-sources/Manifest b/sys-kernel/ac-sources/Manifest
index de8eae94dcfe..70ee402fd498 100644
--- a/sys-kernel/ac-sources/Manifest
+++ b/sys-kernel/ac-sources/Manifest
@@ -1,13 +1,14 @@
-MD5 c0c053ed0824614431987101ab4bf24d ac-sources-2.6.9-r6.ebuild 1046
+MD5 33303174d3a358ff00029606e5695c57 ChangeLog 1127
 MD5 2d0ac3655d40b781c84031301a780024 ac-sources-2.6.9-r1.ebuild 1091
-MD5 4112cf99cee9056a4e23fe5d5e075f3a ac-sources-2.6.9-r5.ebuild 1046
-MD5 65b112ef42b0c0420b6f789a67d721a3 ac-sources-2.6.9-r7.ebuild 1046
 MD5 2ce96c96088db3544980dcad624fa8f1 ac-sources-2.6.9-r2.ebuild 1046
-MD5 4cd91c5cbad84c5b270576f1b3d7adde ChangeLog 954
 MD5 2b0cfdcefc398952a818684668e808f1 metadata.xml 384
-MD5 508c49456dcb30096fe21b4619e9e8aa files/digest-ac-sources-2.6.9-r1 129
-MD5 cd09c274efab61c5d471a09ff36ff6af files/digest-ac-sources-2.6.9-r2 129
-MD5 1276cffcc9f684ea99c242316f8f4c0b files/digest-ac-sources-2.6.9-r5 129
+MD5 c0c053ed0824614431987101ab4bf24d ac-sources-2.6.9-r6.ebuild 1046
+MD5 4112cf99cee9056a4e23fe5d5e075f3a ac-sources-2.6.9-r5.ebuild 1046
+MD5 3d01c0d70363ac20f04b6e16b3669550 ac-sources-2.6.9-r7.ebuild 1083
+MD5 2c667e2fa7172f460e6e9c2699acded2 files/2.6.9-ac1-fix-extraversion.patch 1288
 MD5 c615cce31b3bce3e255e497291bcd76f files/digest-ac-sources-2.6.9-r6 129
+MD5 39f7a32c0c0a5275988d20a253d53cf8 files/ac-sources-2.6.9.binfmt_elf.patch 1931
+MD5 cd09c274efab61c5d471a09ff36ff6af files/digest-ac-sources-2.6.9-r2 129
+MD5 508c49456dcb30096fe21b4619e9e8aa files/digest-ac-sources-2.6.9-r1 129
 MD5 ab11de7d3a6b41dc2d9889a0094c0012 files/digest-ac-sources-2.6.9-r7 129
-MD5 2c667e2fa7172f460e6e9c2699acded2 files/2.6.9-ac1-fix-extraversion.patch 1288
+MD5 1276cffcc9f684ea99c242316f8f4c0b files/digest-ac-sources-2.6.9-r5 129
diff --git a/sys-kernel/ac-sources/ac-sources-2.6.9-r7.ebuild b/sys-kernel/ac-sources/ac-sources-2.6.9-r7.ebuild
index cc1653ff995c..5d4ea77760f8 100644
--- a/sys-kernel/ac-sources/ac-sources-2.6.9-r7.ebuild
+++ b/sys-kernel/ac-sources/ac-sources-2.6.9-r7.ebuild
@@ -1,8 +1,10 @@
 # Copyright 1999-2004 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-kernel/ac-sources/ac-sources-2.6.9-r7.ebuild,v 1.1 2004/11/09 14:22:47 lostlogic Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/ac-sources/ac-sources-2.6.9-r7.ebuild,v 1.2 2004/11/12 17:54:39 plasmaroo Exp $
 
-UNIPATCH_LIST="${DISTDIR}/patch-${KV}.bz2"
+UNIPATCH_LIST="
+	${DISTDIR}/patch-${KV}.bz2
+	${FILESDIR}/${P}.binfmt_elf.patch"
 K_PREPATCHED="yes"
 UNIPATCH_STRICTORDER="yes"
 
diff --git a/sys-kernel/ac-sources/files/ac-sources-2.6.9.binfmt_elf.patch b/sys-kernel/ac-sources/files/ac-sources-2.6.9.binfmt_elf.patch
new file mode 100644
index 000000000000..92e5db882eab
--- /dev/null
+++ b/sys-kernel/ac-sources/files/ac-sources-2.6.9.binfmt_elf.patch
@@ -0,0 +1,72 @@
+--- linux-2.4.27/fs/binfmt_elf.c	2004-11-10 12:25:16 -08:00
++++ linux-2.4.27-plasmaroo/fs/binfmt_elf.c	2004-11-10 12:25:16 -08:00
+@@ -335,9 +335,12 @@
+ 		goto out;
+ 
+ 	retval = kernel_read(interpreter,interp_elf_ex->e_phoff,(char *)elf_phdata,size);
+-	error = retval;
+-	if (retval < 0)
++	error = -EIO;
++	if (retval != size) {
++		if (retval < 0)
++			error = retval;	
+ 		goto out_close;
++	}
+ 
+ 	eppnt = elf_phdata;
+ 	for (i=0; i<interp_elf_ex->e_phnum; i++, eppnt++) {
+@@ -532,8 +535,11 @@
+ 		goto out;
+ 
+ 	retval = kernel_read(bprm->file, loc->elf_ex.e_phoff, (char *) elf_phdata, size);
+-	if (retval < 0)
++	if (retval != size) {
++		if (retval >= 0)
++			retval = -EIO;
+ 		goto out_free_ph;
++	}
+ 
+ 	files = current->files;		/* Refcounted so ok */
+ 	retval = unshare_files();
+@@ -580,8 +586,14 @@
+ 			retval = kernel_read(bprm->file, elf_ppnt->p_offset,
+ 					   elf_interpreter,
+ 					   elf_ppnt->p_filesz);
+-			if (retval < 0)
++			if (retval != elf_ppnt->p_filesz) {
++				if (retval >= 0)
++					retval = -EIO;
+ 				goto out_free_interp;
++			}
++			/* make sure path is NULL terminated */
++			elf_interpreter[elf_ppnt->p_filesz - 1] = '\0';
++
+ 			/* If the program interpreter is one of these two,
+ 			 * then assume an iBCS2 image. Otherwise assume
+ 			 * a native linux image.
+@@ -616,8 +628,11 @@
+ 			if (IS_ERR(interpreter))
+ 				goto out_free_interp;
+ 			retval = kernel_read(interpreter, 0, bprm->buf, BINPRM_BUF_SIZE);
+-			if (retval < 0)
++			if (retval != BINPRM_BUF_SIZE) {
++				if (retval >= 0)
++					retval = -EIO;
+ 				goto out_free_dentry;
++			}
+ 
+ 			/* Get the exec headers */
+ 			loc->interp_ex = *((struct exec *) bprm->buf);
+@@ -776,8 +791,10 @@
+ 		}
+ 
+ 		error = elf_map(bprm->file, load_bias + vaddr, elf_ppnt, elf_prot, elf_flags);
+-		if (BAD_ADDR(error))
+-			continue;
++		if (BAD_ADDR(error)) {
++			send_sig(SIGKILL, current, 0);
++			goto out_free_dentry;
++		}
+ 
+ 		if (!load_addr_set) {
+ 			load_addr_set = 1;