Merge lp:~ari-tczew/ubuntu/natty/nbd/lp-718300 into lp:ubuntu/natty/nbd

Proposed by Artur Rona
Status: Needs review
Proposed branch: lp:~ari-tczew/ubuntu/natty/nbd/lp-718300
Merge into: lp:ubuntu/natty/nbd
Diff against target: 37 lines (+10/-2)
2 files modified
debian/changelog (+8/-0)
nbd-server.c (+2/-2)
To merge this branch: bzr merge lp:~ari-tczew/ubuntu/natty/nbd/lp-718300
Reviewer: Marc Deslauriers
Review status: Approve
Review via email: mp+50518@code.launchpad.net
Marc Deslauriers (mdeslaur) wrote :

Thanks!

review: Approve

Unmerged revisions

26. By Artur Rona

* SECURITY UPDATE: Fix reintroduced CVE-2005-3534. Cherry-pick from
  git upstream 3ef52043861ab16352d49af89e048ba6339d6df8 (LP: #718300)
  - CVE-2011-0530

Preview Diff

1=== modified file 'debian/changelog'
2--- debian/changelog 2011-01-26 01:11:28 +0000
3+++ debian/changelog 2011-02-20 18:24:26 +0000
4@@ -1,3 +1,11 @@
5+nbd (1:2.9.16-7.1ubuntu2) natty; urgency=low
6+
7+ * SECURITY UPDATE: Fix reintroduced CVE-2005-3534. Cherry-pick from
8+ git upstream 3ef52043861ab16352d49af89e048ba6339d6df8 (LP: #718300)
9+ - CVE-2011-0530
10+
11+ -- Artur Rona <ari-tczew@ubuntu.com> Sun, 20 Feb 2011 19:03:16 +0100
12+
13 nbd (1:2.9.16-7.1ubuntu1) natty; urgency=low
14
15 * Merge from debian unstable. Remaining changes: (LP: #707736)
16
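Review bot: The new changelog entry names the CVEs and the upstream commit but not the file it touches or what the fix does. Since the change is applied directly to nbd-server.c, a sub-item of the form "- nbd-server.c: <what the change does>" ahead of the CVE line would let the entry be audited without opening the diff. Also check whether urgency=low is intended on an entry marked SECURITY UPDATE.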
17=== modified file 'nbd-server.c'
18--- nbd-server.c 2010-08-23 15:27:00 +0000
19+++ nbd-server.c 2011-02-20 18:24:26 +0000
20@@ -144,7 +144,7 @@
21 #define OFFT_MAX ~((off_t)1<<(sizeof(off_t)*8-1))
22 #define LINELEN 256 /**< Size of static buffer used to read the
23 authorization file (yuck) */
24-#define BUFSIZE (1024*1024) /**< Size of buffer that can hold requests */
25+#define BUFSIZE ((1024*1024)+sizeof(struct nbd_reply)) /**< Size of buffer that can hold requests */
26 #define DIFFPAGESIZE 4096 /**< diff file uses those chunks */
27 #define F_READONLY 1 /**< flag to tell us a file is readonly */
28 #define F_MULTIFILE 2 /**< flag to tell us a file is exported using -m */
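Review bot: The doc comment on the changed BUFSIZE line still reads "Size of buffer that can hold requests", but the macro now also includes sizeof(struct nbd_reply), so the comment should say what the extra bytes are reserved for. The expression also changes type from int to size_t, and every other use of BUFSIZE grows by sizeof(struct nbd_reply), so allocations and comparisons elsewhere in the file that use the macro are worth rechecking against the new value.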
29@@ -1264,7 +1264,7 @@
30
31 if (request.magic != htonl(NBD_REQUEST_MAGIC))
32 err("Not enough magic.");
33- if (len > BUFSIZE + sizeof(struct nbd_reply))
34+ if (len > BUFSIZE - sizeof(struct nbd_reply))
35 err("Request too big!");
36 #ifdef DODBG
37 printf("%s from %llu (%llu) len %d, ", request.type ? "WRITE" :
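Review bot: The changed check "if (len > BUFSIZE - sizeof(struct nbd_reply))" is only correct in combination with the BUFSIZE definition, and nothing at this line says so. With BUFSIZE defined as (1024*1024)+sizeof(struct nbd_reply) the limit evaluates to 1024*1024, whereas the removed line accepted a len larger than BUFSIZE itself. A short comment explaining why sizeof(struct nbd_reply) is subtracted, or a named constant for the maximum request length, would make the relationship explicit. The right-hand side is size_t, so if len is declared with a signed type it is converted to unsigned for the comparison; confirm its declaration.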
