tags 464945 patch

On Sun, Feb 10, 2008 at 03:19:20AM +0300, Okulov Vitaliy wrote:
> Just try exploit from http://www.milw0rm.com/exploits/5092 at my
> linux-image-2.6.18-5-686 kernel. And it works. Please backport patch
> from 2.6.24.1 kernel (CVE-2008-0009/10).

Preliminary patch, it includes more checks than the update in 2.6.24.1.

It at least fixes the exploit.

Bastian
diff --git a/fs/splice.c b/fs/splice.c
index 684bca3..2d7e598 100644
--- a/fs/splice.c
+++ b/fs/splice.c
@@ -1122,6 +1122,11 @@ static int get_iovec_page_array(const struct iovec 
__user *iov,
                size_t len;
                int i;
 
+               if (!access_ok(VERIFY_READ, iov, sizeof(struct iovec))) {
+                       error = -EFAULT;
+                       break;
+               }
+
                /*
                 * Get user address base and length for this iovec.
                 */
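
Review bot: the access_ok(VERIFY_READ, iov, sizeof(struct iovec)) test added at the top of the loop body carries no comment saying why it is needed on top of the fetch of base and length that follows it, and the mail says the patch has more checks than the 2.6.24.1 update without naming which one is extra. Please add a short comment or changelog line stating which check is the additional one and what it guards; if the fetch below already validates the pointer, this test can be dropped. Consider wrapping the condition in unlikely(), as the existing `if (unlikely(!base))` test in this function does.
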
@@ -1141,6 +1146,11 @@ static int get_iovec_page_array(const struct iovec 
__user *iov,
                if (unlikely(!base))
                        break;
 
+               if (!access_ok(VERIFY_READ, base, len)) {
+                       error = -EFAULT;
+                       break;
+               }
+
                /*
                 * Get this base offset and number of pages, then map
                 * in the user pages.
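
Review bot: in the check added after the `!base` test, `error = -EFAULT; break;` leaves the loop on a bad range even when earlier iovecs in the same call were already accepted, so please confirm that the exit path either returns what was mapped so far or releases it, and note the chosen behaviour in the changelog. The placement itself is right, since access_ok(VERIFY_READ, base, len) runs before the "map in the user pages" step and so rejects the range before any page is touched. Wrapping it in unlikely() would match the neighbouring test.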
