releases/3.4.103/iovec-make-sure-the-caller-actually-wants-anything-in-memcpy_fromiovecend.patch

   1 From foo@baz Thu Aug  7 20:47:07 PDT 2014
   2 From: Sasha Levin <sasha.levin@oracle.com>
   3 Date: Thu, 31 Jul 2014 23:00:35 -0400
   4 Subject: iovec: make sure the caller actually wants anything in memcpy_fromiovecend
   5
   6 From: Sasha Levin <sasha.levin@oracle.com>
   7
   8 [ Upstream commit 06ebb06d49486676272a3c030bfeef4bd969a8e6 ]
   9
  10 Check for cases when the caller requests 0 bytes instead of running off
  11 and dereferencing potentially invalid iovecs.
  12
  13 Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
  14 Signed-off-by: David S. Miller <davem@davemloft.net>
  15 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  16 ---
  17  net/core/iovec.c |    4 ++++
  18  1 file changed, 4 insertions(+)
  19
  20 --- a/net/core/iovec.c
  21 +++ b/net/core/iovec.c
  22 @@ -157,6 +157,10 @@ EXPORT_SYMBOL(memcpy_fromiovec);
  23  int memcpy_fromiovecend(unsigned char *kdata, const struct iovec *iov,
  24                         int offset, int len)
  25  {
  26 +       /* No data? Done! */
  27 +       if (len == 0)
  28 +               return 0;
  29 +
  30         /* Skip over the finished iovecs */
  31         while (offset >= iov->iov_len) {
  32                 offset -= iov->iov_len;