releases/3.10.16/sparc64-fix-buggy-strlcpy-conversion-in-ldom_reboot.patch

   1 From 2df267384cc05ac3f08f5bb3e4800b240ce773d7 Mon Sep 17 00:00:00 2001
   2 From: "David S. Miller" <davem@davemloft.net>
   3 Date: Fri, 27 Sep 2013 13:46:04 -0700
   4 Subject: sparc64: Fix buggy strlcpy() conversion in ldom_reboot().
   5
   6 From: "David S. Miller" <davem@davemloft.net>
   7
   8 [ Upstream commit 2bd161a605f1f84a5fc8a4fe8410113a94f79355 ]
   9
  10 Commit 117a0c5fc9c2d06045bd217385b2b39ea426b5a6 ("sparc: kernel: using
  11 strlcpy() instead of strcpy()") added a bug to ldom_reboot in
  12 arch/sparc/kernel/ds.c
  13
  14 -               strcpy(full_boot_str + strlen("boot "), boot_command);
  15 +                                    strlcpy(full_boot_str + strlen("boot "), boot_command,
  16 +                                                            sizeof(full_boot_str + strlen("boot ")));
  17
  18 That last sizeof() expression evaluates to sizeof(size_t) which is
  19 not what was intended.
  20
  21 Also even the corrected:
  22
  23      sizeof(full_boot_str) + strlen("boot ")
  24
  25 is not right as the destination buffer length is just plain
  26 "sizeof(full_boot_str)" and that's what the final argument
  27 should be.
  28
  29 Signed-off-by: David S. Miller <davem@davemloft.net>
  30 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  31 ---
  32  arch/sparc/kernel/ds.c |    2 +-
  33  1 file changed, 1 insertion(+), 1 deletion(-)
  34
  35 --- a/arch/sparc/kernel/ds.c
  36 +++ b/arch/sparc/kernel/ds.c
  37 @@ -844,7 +844,7 @@ void ldom_reboot(const char *boot_comman
  38
  39                 strcpy(full_boot_str, "boot ");
  40                 strlcpy(full_boot_str + strlen("boot "), boot_command,
  41 -                       sizeof(full_boot_str + strlen("boot ")));
  42 +                       sizeof(full_boot_str));
  43                 len = strlen(full_boot_str);
  44
  45                 if (reboot_data_supported) {