3.4-stable patches

added patches:
	sysfs-sysfs_pathname-sysfs_add_one-use-strlcat-instead-of-strcat.patch

diff --git a/queue-3.4/series b/queue-3.4/series
index 49956a21be3e5cc9aa247369dd95da700ef8c5f7..ed054d92b63d2f24f740cd4d52228443ab5225a8 100644 (file)
--- a/queue-3.4/series
+++ b/queue-3.4/series
@@ -13,3 +13,4 @@ sunrpc-clear-the-connect-flag-when-socket-state-is-tcp_close_wait.patch
 revert-sunrpc-ensure-we-close-the-socket-on-epipe-errors-too.patch
 sunrpc-prevent-races-in-xs_abort_connection.patch
 xhci-fix-potential-null-ptr-deref-in-command-cancellation.patch
+sysfs-sysfs_pathname-sysfs_add_one-use-strlcat-instead-of-strcat.patch

diff --git a/queue-3.4/sysfs-sysfs_pathname-sysfs_add_one-use-strlcat-instead-of-strcat.patch b/queue-3.4/sysfs-sysfs_pathname-sysfs_add_one-use-strlcat-instead-of-strcat.patch
new file mode 100644 (file)
index 0000000..6b3deef
--- /dev/null
+++ b/queue-3.4/sysfs-sysfs_pathname-sysfs_add_one-use-strlcat-instead-of-strcat.patch
@@ -0,0 +1,66 @@
+From 66081a72517a131430dcf986775f3268aafcb546 Mon Sep 17 00:00:00 2001
+From: Geert Uytterhoeven <geert@linux-m68k.org>
+Date: Sat, 29 Sep 2012 22:23:19 +0200
+Subject: sysfs: sysfs_pathname/sysfs_add_one: Use strlcat() instead of strcat()
+
+From: Geert Uytterhoeven <geert@linux-m68k.org>
+
+commit 66081a72517a131430dcf986775f3268aafcb546 upstream.
+
+The warning check for duplicate sysfs entries can cause a buffer overflow
+when printing the warning, as strcat() doesn't check buffer sizes.
+Use strlcat() instead.
+
+Since strlcat() doesn't return a pointer to the passed buffer, unlike
+strcat(), I had to convert the nested concatenation in sysfs_add_one() to
+an admittedly more obscure comma operator construct, to avoid emitting code
+for the concatenation if CONFIG_BUG is disabled.
+
+Signed-off-by: Geert Uytterhoeven <geert@linux-m68k.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ fs/sysfs/dir.c |   16 ++++++++--------
+ 1 file changed, 8 insertions(+), 8 deletions(-)
+
+--- a/fs/sysfs/dir.c
++++ b/fs/sysfs/dir.c
+@@ -457,20 +457,18 @@ int __sysfs_add_one(struct sysfs_addrm_c
+ /**
+  *    sysfs_pathname - return full path to sysfs dirent
+  *    @sd: sysfs_dirent whose path we want
+- *    @path: caller allocated buffer
++ *    @path: caller allocated buffer of size PATH_MAX
+  *
+  *    Gives the name "/" to the sysfs_root entry; any path returned
+  *    is relative to wherever sysfs is mounted.
+- *
+- *    XXX: does no error checking on @path size
+  */
+ static char *sysfs_pathname(struct sysfs_dirent *sd, char *path)
+ {
+       if (sd->s_parent) {
+               sysfs_pathname(sd->s_parent, path);
+-              strcat(path, "/");
++              strlcat(path, "/", PATH_MAX);
+       }
+-      strcat(path, sd->s_name);
++      strlcat(path, sd->s_name, PATH_MAX);
+       return path;
+ }
+ 
+@@ -503,9 +501,11 @@ int sysfs_add_one(struct sysfs_addrm_cxt
+               char *path = kzalloc(PATH_MAX, GFP_KERNEL);
+               WARN(1, KERN_WARNING
+                    "sysfs: cannot create duplicate filename '%s'\n",
+-                   (path == NULL) ? sd->s_name :
+-                   strcat(strcat(sysfs_pathname(acxt->parent_sd, path), "/"),
+-                          sd->s_name));
++                   (path == NULL) ? sd->s_name
++                                  : (sysfs_pathname(acxt->parent_sd, path),
++                                     strlcat(path, "/", PATH_MAX),
++                                     strlcat(path, sd->s_name, PATH_MAX),
++                                     path));
+               kfree(path);
+       }
+