Sophie

kernel-2.6.18-238.el5.src.rpm

From: Eugene Teo <eteo@redhat.com>
Date: Tue, 14 Oct 2008 11:02:21 +0800
Subject: [fs] don't allow splice to files opened with O_APPEND
Message-id: 48F40BBD.8000203@redhat.com
O-Subject: [RHEL5.3 patch] BZ#466710 kernel: don't allow splice() to files opened with O_APPEND
Bugzilla: 466710
RH-Acked-by: Eric Paris <eparis@redhat.com>
RH-Acked-by: Jiri Pirko <jpirko@redhat.com>
RH-Acked-by: Jeff Moyer <jmoyer@redhat.com>
CVE: CVE-2008-4554

This is for bz#466710.

Miklos Szeredi reported that splice() to files opened with O_APPEND are
ignored, which allows users to bypass the append-only restriction.

Backport of upstream commit: efc968d450e013049a662d22727cf132618dcb2f

Brew build:
http://porkchop.redhat.com/brewroot/scratch/eteo/task_1516816

Test status:
Booted on i686.

Signed-off-by: Eugene Teo <eteo@redhat.com>

diff --git a/fs/splice.c b/fs/splice.c
index 32e0cc1..76aa3c0 100644
--- a/fs/splice.c
+++ b/fs/splice.c
@@ -897,6 +897,9 @@ static long do_splice_from(struct pipe_inode_info *pipe, struct file *out,
 	if (unlikely(!(out->f_mode & FMODE_WRITE)))
 		return -EBADF;
 
+	if (unlikely(out->f_flags & O_APPEND))
+		return -EINVAL;
+
 	ret = rw_verify_area(WRITE, out, ppos, len);
 	if (unlikely(ret < 0))
 		return ret;
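
Review bot: The new O_APPEND check in do_splice_from() returns -EINVAL with no comment explaining why, and it turns a call that used to succeed into a failure for existing callers. A one-line comment above `if (unlikely(out->f_flags & O_APPEND))` noting that the write goes to the caller-supplied ppos (the value passed to rw_verify_area() just below), and so cannot honour append-only semantics, would keep a later cleanup from dropping the check. The check only protects paths that go through do_splice_from(); the hunk does not show whether any other caller reaches the output file's splice write path directly, so that is worth confirming before ack. The test status lists only a boot on i686; a test that opens a file with O_APPEND, calls splice() into it and expects EINVAL would exercise the fix itself.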