--- /dev/null
+From 2aa2f9e21e4eb25c720b2e7d80f8929638f6ad73 Mon Sep 17 00:00:00 2001
+From: Rasmus Villemoes <linux@rasmusvillemoes.dk>
+Date: Thu, 12 Feb 2015 15:01:39 -0800
+Subject: lib/vsprintf.c: improve sanity check in vsnprintf()
+
+From: Rasmus Villemoes <linux@rasmusvillemoes.dk>
+
+commit 2aa2f9e21e4eb25c720b2e7d80f8929638f6ad73 upstream.
+
+On 64 bit, size may very well be huge even if bit 31 happens to be 0.
+Somehow it doesn't feel right that one can pass a 5 GiB buffer but not a
+3 GiB one. So cap at INT_MAX as was probably the intention all along.
+This is also the made-up value passed by sprintf and vsprintf.
+
+Signed-off-by: Rasmus Villemoes <linux@rasmusvillemoes.dk>
+Cc: Jiri Kosina <jkosina@suse.cz>
+Cc: Randy Dunlap <rdunlap@infradead.org>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ lib/vsprintf.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+--- a/lib/vsprintf.c
++++ b/lib/vsprintf.c
+@@ -1728,7 +1728,7 @@ int vsnprintf(char *buf, size_t size, co
+
+ /* Reject out-of-range values early. Large positive sizes are
+ used for unknown buffer sizes. */
+- if (WARN_ON_ONCE((int) size < 0))
++ if (WARN_ON_ONCE(size > INT_MAX))
+ return 0;
+
+ str = buf;
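Review bot: the comment left above the changed check in vsnprintf() still reads only "Large positive sizes are used for unknown buffer sizes" and never names the bound, so it does not tell the reader that INT_MAX is the largest accepted value and that anything above it is rejected. Suggest rewording it to say that sizes greater than INT_MAX are rejected and that INT_MAX is the value passed by sprintf and vsprintf, as the commit message states. It would also help to document here that the rejection path does `return 0;` before `str = buf;`, so nothing is written to buf, not even a terminating NUL; a caller that ignores the one-time warning and the zero return will continue with whatever buf held before the call.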
net-llc-avoid-bug_on-in-skb_orphan.patch
dccp-fix-freeing-skb-too-early-for-ipv6_recvpktinfo.patch
net-socket-fix-recvmmsg-not-returning-error-from-sock_error.patch
+lib-vsprintf.c-improve-sanity-check-in-vsnprintf.patch