labbott pushed to kernel (f20). "Fix auditing of canonical mode (rhbz 1188695)"
notifications at fedoraproject.org
notifications at fedoraproject.org
Wed Jun 3 17:47:20 UTC 2015
From fcaffe566141ebbbf0ffcdb28ed823482c868c32 Mon Sep 17 00:00:00 2001
From: Laura Abbott <labbott at fedoraproject.org>
Date: Wed, 3 Jun 2015 10:10:19 -0700
Subject: Fix auditing of canonical mode (rhbz 1188695)
diff --git a/0001-n_tty-Fix-auditing-support-for-cannonical-mode.patch b/0001-n_tty-Fix-auditing-support-for-cannonical-mode.patch
new file mode 100644
index 0000000..4a39105
--- /dev/null
+++ b/0001-n_tty-Fix-auditing-support-for-cannonical-mode.patch
@@ -0,0 +1,64 @@
+From 9983ea5b8ff57286d625787ee8fd6ce5df430fbc Mon Sep 17 00:00:00 2001
+From: Laura Abbott <labbott at fedoraproject.org>
+Date: Wed, 13 May 2015 17:03:06 -0700
+Subject: [PATCH] n_tty: Fix auditing support for cannonical mode
+To: Greg Kroah-Hartman <gregkh at linuxfoundation.org>
+To: Jiri Slaby <jslaby at suse.cz>
+To: Peter Hurley <peter at hurleysoftware.com>
+To: Andy Lutomirski <luto at amacapital.net>
+Cc: linux-kernel at vger.kernel.org
+
+Commit 32f13521ca68bc624ff6effc77f308a52b038bf0
+("n_tty: Line copy to user buffer in canonical mode")
+changed cannonical mode copying to use copy_to_user
+but missed adding the call to the audit framework.
+Add in the appropriate functions to get audit support.
+
+Fixes: 32f13521ca68 ("n_tty: Line copy to user buffer in canonical mode")
+Reported-by: Miloslav Trmač <mitr at redhat.com>
+Signed-off-by: Laura Abbott <labbott at fedoraproject.org>
+---
+ drivers/tty/n_tty.c | 17 ++++++++++++++---
+ 1 file changed, 14 insertions(+), 3 deletions(-)
+
+diff --git a/drivers/tty/n_tty.c b/drivers/tty/n_tty.c
+index cf6e0f2..1a3d39b 100644
+--- a/drivers/tty/n_tty.c
++++ b/drivers/tty/n_tty.c
+@@ -162,6 +162,17 @@ static inline int tty_put_user(struct tty_struct *tty, unsigned char x,
+ return put_user(x, ptr);
+ }
+
++static inline int tty_copy_to_user(struct tty_struct *tty,
++ void __user *to,
++ const void *from,
++ unsigned long n)
++{
++ struct n_tty_data *ldata = tty->disc_data;
++
++ tty_audit_add_data(tty, to, n, ldata->icanon);
++ return copy_to_user(to, from, n);
++}
++
+ /**
+ * n_tty_kick_worker - start input worker (if required)
+ * @tty: terminal
+@@ -2072,12 +2083,12 @@ static int canon_copy_from_read_buf(struct tty_struct *tty,
+ __func__, eol, found, n, c, size, more);
+
+ if (n > size) {
+- ret = copy_to_user(*b, read_buf_addr(ldata, tail), size);
++ ret = tty_copy_to_user(tty, *b, read_buf_addr(ldata, tail), size);
+ if (ret)
+ return -EFAULT;
+- ret = copy_to_user(*b + size, ldata->read_buf, n - size);
++ ret = tty_copy_to_user(tty, *b + size, ldata->read_buf, n - size);
+ } else
+- ret = copy_to_user(*b, read_buf_addr(ldata, tail), n);
++ ret = tty_copy_to_user(tty, *b, read_buf_addr(ldata, tail), n);
+
+ if (ret)
+ return -EFAULT;
+--
+2.1.0
+
diff --git a/kernel.spec b/kernel.spec
index e5237ee..9c89470 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -802,6 +802,9 @@ Patch26216: 0001-target-use-vfs_iter_read-write-in-fd_do_rw.patch
#CVE-2015-1420 rhbz 1187534 1227417
Patch26217: vfs-read-file_handle-only-once-in-handle_to_path.patch
+#rhbz 1188695
+Patch26218: 0001-n_tty-Fix-auditing-support-for-cannonical-mode.patch
+
# END OF PATCH DEFINITIONS
%endif
@@ -1573,6 +1576,9 @@ ApplyPatch 0001-target-use-vfs_iter_read-write-in-fd_do_rw.patch
#CVE-2015-1420 rhbz 1187534 1227417
ApplyPatch vfs-read-file_handle-only-once-in-handle_to_path.patch
+#rhbz 1188695
+ApplyPatch 0001-n_tty-Fix-auditing-support-for-cannonical-mode.patch
+
# END OF PATCH APPLICATIONS
%endif
@@ -2384,6 +2390,9 @@ fi
# ||----w |
# || ||
%changelog
+* Wed Jun 03 2015 Laura Abbott <labbott at fedoraproject.org>
+- Fix auditing of canonical mode (rhbz 1188695)
+
* Wed Jun 03 2015 Josh Boyer <jwboyer at fedoraproject.org>
- CVE-2015-1420 fhandle race condition (rhbz 1187534 1227417)
--
cgit v0.10.2
http://pkgs.fedoraproject.org/cgit/kernel.git/commit/?h=f20&id=fcaffe566141ebbbf0ffcdb28ed823482c868c32
More information about the scm-commits
mailing list