Added patches for the CAN-2004-0109 issue; bug #47881.

5 files changed, 110 insertions, 4 deletions

diff --git a/sys-kernel/ck-sources/ChangeLog b/sys-kernel/ck-sources/ChangeLog
index 6792959a182b..c5c4962eb44b 100644
--- a/sys-kernel/ck-sources/ChangeLog
+++ b/sys-kernel/ck-sources/ChangeLog
@@ -1,6 +1,11 @@
 # ChangeLog for sys-kernel/ck-sources
 # Copyright 2002-2004 Gentoo Technologies, Inc.; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-kernel/ck-sources/ChangeLog,v 1.28 2004/04/14 07:14:07 aliz Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/ck-sources/ChangeLog,v 1.29 2004/04/15 08:09:07 plasmaroo Exp $
+
+  15 Apr 2004; <plasmaroo@gentoo.org> ck-sources-2.4.25-r1.ebuild,
+  ck-sources-2.6.4-r2.ebuild, files/ck-sources-2.4.25.CAN-2004-0109.patch,
+  files/ck-sources-2.6.4.CAN-2004-0109.patch:
+  Added patches for the CAN-2004-0109 issue; bug #47881.
 
   14 Apr 2004; Daniel Ahlberg <aliz@gentoo.org> ck-sources-2.6.4-r2.ebuild:
   Added IUSE=
diff --git a/sys-kernel/ck-sources/ck-sources-2.4.25-r1.ebuild b/sys-kernel/ck-sources/ck-sources-2.4.25-r1.ebuild
index cf9cf243ce99..163f134c23fc 100644
--- a/sys-kernel/ck-sources/ck-sources-2.4.25-r1.ebuild
+++ b/sys-kernel/ck-sources/ck-sources-2.4.25-r1.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2004 Gentoo Technologies, Inc.
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-kernel/ck-sources/ck-sources-2.4.25-r1.ebuild,v 1.1 2004/03/14 12:00:58 plasmaroo Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/ck-sources/ck-sources-2.4.25-r1.ebuild,v 1.2 2004/04/15 08:09:07 plasmaroo Exp $
 
 IUSE="build"
 
@@ -58,5 +58,6 @@ src_unpack() {
 	fi
 
 	bzcat ${DISTDIR}/patch-${KV}.bz2|patch -p1 || die "-lck patch failed!"
+	epatch ${FILESDIR}/${P}.CAN-2004-0109.patch || die "Failed to patch CAN-2004-0109 vulnerability!"
 	kernel_universal_unpack
 }
diff --git a/sys-kernel/ck-sources/ck-sources-2.6.4-r2.ebuild b/sys-kernel/ck-sources/ck-sources-2.6.4-r2.ebuild
index 32e71ab3dcda..9bace55906e7 100644
--- a/sys-kernel/ck-sources/ck-sources-2.6.4-r2.ebuild
+++ b/sys-kernel/ck-sources/ck-sources-2.6.4-r2.ebuild
@@ -1,8 +1,8 @@
 # Copyright 1999-2004 Gentoo Technologies, Inc.
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-kernel/ck-sources/ck-sources-2.6.4-r2.ebuild,v 1.2 2004/04/14 07:14:07 aliz Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-kernel/ck-sources/ck-sources-2.6.4-r2.ebuild,v 1.3 2004/04/15 08:09:07 plasmaroo Exp $
 
-UNIPATCH_LIST="${DISTDIR}/patch-${KV}.bz2"
+UNIPATCH_LIST="${DISTDIR}/patch-${KV}.bz2 ${FILESDIR}/${P}.CAN-2004-0109.patch"
 K_PREPATCHED="yes"
 UNIPATCH_STRICTORDER="yes"
 
diff --git a/sys-kernel/ck-sources/files/ck-sources-2.4.25.CAN-2004-0109.patch b/sys-kernel/ck-sources/files/ck-sources-2.4.25.CAN-2004-0109.patch
new file mode 100644
index 000000000000..d02b51c57fc6
--- /dev/null
+++ b/sys-kernel/ck-sources/files/ck-sources-2.4.25.CAN-2004-0109.patch
@@ -0,0 +1,87 @@
+--- linux/fs/isofs/rock.c.orig
++++ linux/fs/isofs/rock.c
+@@ -14,6 +14,7 @@
+ #include <linux/slab.h>
+ #include <linux/pagemap.h>
+ #include <linux/smp_lock.h>
++#include <asm/page.h>
+ 
+ #include "rock.h"
+ 
+@@ -419,7 +420,7 @@
+   return 0;
+ }
+ 
+-static char *get_symlink_chunk(char *rpnt, struct rock_ridge *rr)
++static char *get_symlink_chunk(char *rpnt, struct rock_ridge *rr, char *plimit)
+ {
+ 	int slen;
+ 	int rootflag;
+@@ -431,16 +432,25 @@
+ 		rootflag = 0;
+ 		switch (slp->flags & ~1) {
+ 		case 0:
++			if (slp->len > plimit - rpnt)
++				return NULL;
+ 			memcpy(rpnt, slp->text, slp->len);
+ 			rpnt+=slp->len;
+ 			break;
++		case 2:
++			if (rpnt >= plimit)
++				return NULL;
++			*rpnt++='.';
++			break;
+ 		case 4:
++			if (2 > plimit - rpnt)
++				return NULL;
+ 			*rpnt++='.';
+-			/* fallthru */
+-		case 2:
+ 			*rpnt++='.';
+ 			break;
+ 		case 8:
++			if (rpnt >= plimit)
++				return NULL;
+ 			rootflag = 1;
+ 			*rpnt++='/';
+ 			break;
+@@ -457,17 +467,23 @@
+ 			 * If there is another SL record, and this component
+ 			 * record isn't continued, then add a slash.
+ 			 */
+-			if ((!rootflag) && (rr->u.SL.flags & 1) && !(oldslp->flags & 1))
++			if ((!rootflag) && (rr->u.SL.flags & 1) &&
++			    !(oldslp->flags & 1)) {
++				if (rpnt >= plimit)
++					return NULL;
+ 				*rpnt++='/';
++			}
+ 			break;
+ 		}
+ 
+ 		/*
+ 		 * If this component record isn't continued, then append a '/'.
+ 		 */
+-		if (!rootflag && !(oldslp->flags & 1))
++		if (!rootflag && !(oldslp->flags & 1)) {
++			if (rpnt >= plimit)
++				return NULL;
+ 			*rpnt++='/';
+-
++		}
+ 	}
+ return rpnt;
+ }
+@@ -548,7 +564,10 @@
+ 			CHECK_SP(goto out);
+ 			break;
+ 		case SIG('S', 'L'):
+-			rpnt = get_symlink_chunk(rpnt, rr);
++			rpnt = get_symlink_chunk(rpnt, rr,
++						 link + (PAGE_SIZE - 1));
++			if (rpnt == NULL)
++				goto out;
+ 			break;
+ 		case SIG('C', 'E'):
+ 			/* This tells is if there is a continuation record */
+
diff --git a/sys-kernel/ck-sources/files/ck-sources-2.6.4.CAN-2004-0109.patch b/sys-kernel/ck-sources/files/ck-sources-2.6.4.CAN-2004-0109.patch
new file mode 100644
index 000000000000..03f49e4f6d7d
--- /dev/null
+++ b/sys-kernel/ck-sources/files/ck-sources-2.6.4.CAN-2004-0109.patch
@@ -0,0 +1,13 @@
+--- linux/mm/mremap.c.orig	2004-01-05 17:01:21.382104120 +0000
++++ linux/mm/mremap.c	2004-01-05 17:15:25.689749848 +0000
+@@ -270,6 +270,10 @@
+ 	old_len = PAGE_ALIGN(old_len);
+ 	new_len = PAGE_ALIGN(new_len);
+ 
++	/* Don't allow the degenerate cases */
++	if (!old_len || !new_len)
++		goto out;
++
+ 	/* new_addr is only valid if MREMAP_FIXED is specified */
+ 	if (flags & MREMAP_FIXED) {
+ 		if (new_addr & ~PAGE_MASK)