SOURCES (LINUX_2_6_22): kernel-vmsplice.patch - more complete one ...

[arekm]

Author: arekm                        Date: Sun Feb 10 19:20:34 2008 GMT
Module: SOURCES                       Tag: LINUX_2_6_22
---- Log message:
- more complete one from debian bts

---- Files affected:
SOURCES:
   kernel-vmsplice.patch (1.1.2.1 -> 1.1.2.2) 

---- Diffs:

================================================================
Index: SOURCES/kernel-vmsplice.patch
diff -u SOURCES/kernel-vmsplice.patch:1.1.2.1 SOURCES/kernel-vmsplice.patch:1.1.2.2
--- SOURCES/kernel-vmsplice.patch:1.1.2.1	Sun Feb 10 19:22:18 2008
+++ SOURCES/kernel-vmsplice.patch	Sun Feb 10 20:20:29 2008
@@ -1,15 +1,28 @@
---- a/fs/splice.c.org	2008-02-10 18:59:14.848560519 +0100
-+++ b/fs/splice.c	2008-02-10 19:17:03.955805594 +0100
-@@ -1163,6 +1163,12 @@
+diff --git a/fs/splice.c b/fs/splice.c
+index 684bca3..2d7e598 100644
+--- a/fs/splice.c
++++ b/fs/splice.c
+@@ -1122,6 +1122,11 @@ static int get_iovec_page_array(const struct iovec __user *iov,
  		size_t len;
  		int i;
  
-+		/* CVE-2008-0009, CVE-2008-0010 fix */ 
-+		if(!access_ok(VERIFY_READ, base, len)) { 
-+			error = -EFAULT; 
-+			break; 
++		if (!access_ok(VERIFY_READ, iov, sizeof(struct iovec))) {
++			error = -EFAULT;
++			break;
 +		}
 +
  		/*
  		 * Get user address base and length for this iovec.
  		 */
+@@ -1141,6 +1146,11 @@ static int get_iovec_page_array(const struct iovec __user *iov,
+ 		if (unlikely(!base))
+ 			break;
+ 
++		if (!access_ok(VERIFY_READ, base, len)) {
++			error = -EFAULT;
++			break;
++		}
++
+ 		/*
+ 		 * Get this base offset and number of pages, then map
+ 		 * in the user pages.
================================================================

---- CVS-web:
    http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/SOURCES/kernel-vmsplice.patch?r1=1.1.2.1&r2=1.1.2.2&f=u