[thirdparty/kernel/stable-queue.git] / releases / 3.10.16 / sparc64-fix-buggy-strlcpy-conversion-in-ldom_reboot.patch

From 2df267384cc05ac3f08f5bb3e4800b240ce773d7 Mon Sep 17 00:00:00 2001
From: "David S. Miller" <davem@davemloft.net>
Date: Fri, 27 Sep 2013 13:46:04 -0700
Subject: sparc64: Fix buggy strlcpy() conversion in ldom_reboot().

From: "David S. Miller" <davem@davemloft.net>

[ Upstream commit 2bd161a605f1f84a5fc8a4fe8410113a94f79355 ]

Commit 117a0c5fc9c2d06045bd217385b2b39ea426b5a6 ("sparc: kernel: using
strlcpy() instead of strcpy()") added a bug to ldom_reboot in
arch/sparc/kernel/ds.c

-		strcpy(full_boot_str + strlen("boot "), boot_command);
+				     strlcpy(full_boot_str + strlen("boot "), boot_command,
+				     			     sizeof(full_boot_str + strlen("boot ")));

That last sizeof() expression evaluates to sizeof(size_t) which is
not what was intended.

Also even the corrected:

     sizeof(full_boot_str) + strlen("boot ")

is not right as the destination buffer length is just plain
"sizeof(full_boot_str)" and that's what the final argument
should be.

Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 arch/sparc/kernel/ds.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/arch/sparc/kernel/ds.c
+++ b/arch/sparc/kernel/ds.c
@@ -844,7 +844,7 @@ void ldom_reboot(const char *boot_comman
 
 		strcpy(full_boot_str, "boot ");
 		strlcpy(full_boot_str + strlen("boot "), boot_command,
-			sizeof(full_boot_str + strlen("boot ")));
+			sizeof(full_boot_str));
 		len = strlen(full_boot_str);
 
 		if (reboot_data_supported) {
Commit	Line	Data
5ccb0e70 GKH	1	From 2df267384cc05ac3f08f5bb3e4800b240ce773d7 Mon Sep 17 00:00:00 2001
	2	From: "David S. Miller" <davem@davemloft.net>
	3	Date: Fri, 27 Sep 2013 13:46:04 -0700
	4	Subject: sparc64: Fix buggy strlcpy() conversion in ldom_reboot().
	5
	6	From: "David S. Miller" <davem@davemloft.net>
	7
	8	[ Upstream commit 2bd161a605f1f84a5fc8a4fe8410113a94f79355 ]
	9
	10	Commit 117a0c5fc9c2d06045bd217385b2b39ea426b5a6 ("sparc: kernel: using
	11	strlcpy() instead of strcpy()") added a bug to ldom_reboot in
	12	arch/sparc/kernel/ds.c
	13
	14	- strcpy(full_boot_str + strlen("boot "), boot_command);
	15	+ strlcpy(full_boot_str + strlen("boot "), boot_command,
	16	+ sizeof(full_boot_str + strlen("boot ")));
	17
	18	That last sizeof() expression evaluates to sizeof(size_t) which is
	19	not what was intended.
	20
	21	Also even the corrected:
	22
	23	sizeof(full_boot_str) + strlen("boot ")
	24
	25	is not right as the destination buffer length is just plain
	26	"sizeof(full_boot_str)" and that's what the final argument
	27	should be.
	28
	29	Signed-off-by: David S. Miller <davem@davemloft.net>
	30	Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	31	---
	32	arch/sparc/kernel/ds.c \| 2 +-
	33	1 file changed, 1 insertion(+), 1 deletion(-)
	34
	35	--- a/arch/sparc/kernel/ds.c
	36	+++ b/arch/sparc/kernel/ds.c
	37	@@ -844,7 +844,7 @@ void ldom_reboot(const char *boot_comman
	38
	39	strcpy(full_boot_str, "boot ");
	40	strlcpy(full_boot_str + strlen("boot "), boot_command,
	41	- sizeof(full_boot_str + strlen("boot ")));
	42	+ sizeof(full_boot_str));
	43	len = strlen(full_boot_str);
	44
	45	if (reboot_data_supported) {