Re: Re: Update - Re: [oss-security] CVE request? buffer overflow in CIFS in 2.6.*

On Thu, May 14, 2009 at 01:01:11PM -0400, Steven M. Christey wrote:
> 
> On Thu, 14 May 2009, Eugene Teo wrote:
> 
> > >> CVE-2009-NOT-YET-ASSIGNED:
> > >>  http://git.kernel.org/linus/27b87fe52baba0a55e9723030e76fce94fabcea4
> > >>  http://git.kernel.org/?p=linux/kernel/git/sfrench/cifs-2.6.git;a=commit;h=7b0c8fcff47a885743125dd843db64af41af5a61
> > >>  http://git.kernel.org/?p=linux/kernel/git/sfrench/cifs-2.6.git;a=commit;h=968460ebd8006d55661dec0fb86712b40d71c413
> > >>  + some others in progress
> >
> > These fixes need to be tagged to a CVE.
> 
> Use CVE-2009-1633, to be filled in later.  This CVE should be anchored
> *only* on the issue above.
> 
> I'm almost afraid to ask what relationship there is between the above
> commits and the extensive list of other issues from Jeff Layton, which
> lists the above commit and a ton of others.  Mark Cox or Josh Bressers,
> this might be a good time for you to step in CNA-wise?

The string conversion code in the CIFS module handling was rewritten
to be able to handle destination buffer sizes.

Its basically starting with this commit:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=7fabf0c9479fef9fdb9528a5fbdb1cb744a744a4
and then conversions of the code to it.

I am however not sure of how much needs to be backported, I guess only
the stuff already with CVE entries.

Ciao, Marcus