diff --git a/kernel.spec b/kernel.spec index 3be1c083a..b5d2f86e2 100644 --- a/kernel.spec +++ b/kernel.spec @@ -754,6 +754,8 @@ Patch21079: 03-dm-dont-fwd-ioctls-from-LVs-to-underlying-dev.patch #rhbz 782681 Patch21085: proc-clean-up-and-fix-proc-pid-mem-handling.patch +#rhbz 782687 +Patch21086: loop-prevent-information-leak-after-failed-read.patch %endif @@ -1400,6 +1402,9 @@ ApplyPatch 03-dm-dont-fwd-ioctls-from-LVs-to-underlying-dev.patch #rhbz 782681 ApplyPatch proc-clean-up-and-fix-proc-pid-mem-handling.patch +#rhbz 782687 +ApplyPatch loop-prevent-information-leak-after-failed-read.patch + # END OF PATCH APPLICATIONS %endif @@ -2052,6 +2057,7 @@ fi * Wed Jan 18 2012 Josh Boyer - CVE-2012-0056 proc: clean up and fix /proc//mem (rhbz 782681) +- loop: prevent information leak after failed read (rhbz 782687) * Tue Jan 17 2012 Josh Boyer - CVE-2011-4127 possible privilege escalation via SG_IO ioctl (rhbz 769911) diff --git a/loop-prevent-information-leak-after-failed-read.patch b/loop-prevent-information-leak-after-failed-read.patch new file mode 100644 index 000000000..040a234c3 --- /dev/null +++ b/loop-prevent-information-leak-after-failed-read.patch @@ -0,0 +1,41 @@ +From 3bb9068278ea524581237abadd41377a14717e7d Mon Sep 17 00:00:00 2001 +From: Dmitry Monakhov +Date: Wed, 16 Nov 2011 09:21:48 +0100 +Subject: [PATCH] loop: prevent information leak after failed read + +If read was not fully successful we have to fail whole bio to prevent +information leak of old pages + +##Testcase_begin +dd if=/dev/zero of=./file bs=1M count=1 +losetup /dev/loop0 ./file -o 4096 +truncate -s 0 ./file +# OOps loop offset is now beyond i_size, so read will silently fail. +# So bio's pages would not be cleared, may which result in information leak. +hexdump -C /dev/loop0 +##testcase_end + +Signed-off-by: Dmitry Monakhov +Signed-off-by: Andrew Morton +Signed-off-by: Jens Axboe +--- + drivers/block/loop.c | 3 ++- + 1 files changed, 2 insertions(+), 1 deletions(-) + +diff --git a/drivers/block/loop.c b/drivers/block/loop.c +index 3d80682..0d56739 100644 +--- a/drivers/block/loop.c ++++ b/drivers/block/loop.c +@@ -372,7 +372,8 @@ do_lo_receive(struct loop_device *lo, + + if (retval < 0) + return retval; +- ++ if (retval != bvec->bv_len) ++ return -EIO; + return 0; + } + +-- +1.7.7.5 +