+++ /dev/null
-From 9ee2afe5207b63b20426ee081f486d831bae871d Mon Sep 17 00:00:00 2001
-From: Paulo Alcantara <pc@cjr.nz>
-Date: Thu, 6 Oct 2022 13:04:05 -0300
-Subject: cifs: prevent copying past input buffer boundaries
-
-From: Paulo Alcantara <pc@cjr.nz>
-
-commit 9ee2afe5207b63b20426ee081f486d831bae871d upstream.
-
-Prevent copying past @data buffer in smb2_validate_and_copy_iov() as
-the output buffer in @iov might be potentially bigger and thus copying
-more bytes than requested in @minbufsize.
-
-Signed-off-by: Paulo Alcantara (SUSE) <pc@cjr.nz>
-Reviewed-by: Ronnie Sahlberg <lsahlber@redhat.com>
-Signed-off-by: Steve French <stfrench@microsoft.com>
-Cc: Georg Müller <georgmueller@gmx.net>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
----
- fs/cifs/smb2pdu.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
---- a/fs/cifs/smb2pdu.c
-+++ b/fs/cifs/smb2pdu.c
-@@ -3331,7 +3331,7 @@ smb2_validate_and_copy_iov(unsigned int
- if (rc)
- return rc;
-
-- memcpy(data, begin_of_buf, buffer_length);
-+ memcpy(data, begin_of_buf, minbufsize);
-
- return 0;
- }
-@@ -3455,7 +3455,7 @@ query_info(const unsigned int xid, struc
-
- rc = smb2_validate_and_copy_iov(le16_to_cpu(rsp->OutputBufferOffset),
- le32_to_cpu(rsp->OutputBufferLength),
-- &rsp_iov, min_len, *data);
-+ &rsp_iov, dlen ? *dlen : min_len, *data);
- if (rc && allocated) {
- kfree(*data);
- *data = NULL;
ext4-allocate-extended-attribute-value-in-vmalloc-area.patch
drm-amdgpu-handle-polaris10-11-overlap-asics-v2.patch
drm-amdgpu-make-display-pinning-more-flexible-v2.patch
-cifs-prevent-copying-past-input-buffer-boundaries.patch
arm-renumber-bits-related-to-_tif_work_mask.patch
perf-x86-intel-uncore-generalize-i-o-stacks-to-pmon-.patch
perf-x86-intel-uncore-clear-attr_update-properly.patch
+++ /dev/null
-From 9ee2afe5207b63b20426ee081f486d831bae871d Mon Sep 17 00:00:00 2001
-From: Paulo Alcantara <pc@cjr.nz>
-Date: Thu, 6 Oct 2022 13:04:05 -0300
-Subject: cifs: prevent copying past input buffer boundaries
-
-From: Paulo Alcantara <pc@cjr.nz>
-
-commit 9ee2afe5207b63b20426ee081f486d831bae871d upstream.
-
-Prevent copying past @data buffer in smb2_validate_and_copy_iov() as
-the output buffer in @iov might be potentially bigger and thus copying
-more bytes than requested in @minbufsize.
-
-Signed-off-by: Paulo Alcantara (SUSE) <pc@cjr.nz>
-Reviewed-by: Ronnie Sahlberg <lsahlber@redhat.com>
-Signed-off-by: Steve French <stfrench@microsoft.com>
-Cc: Georg Müller <georgmueller@gmx.net>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
----
- fs/cifs/smb2pdu.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
---- a/fs/cifs/smb2pdu.c
-+++ b/fs/cifs/smb2pdu.c
-@@ -3400,7 +3400,7 @@ smb2_validate_and_copy_iov(unsigned int
- if (rc)
- return rc;
-
-- memcpy(data, begin_of_buf, buffer_length);
-+ memcpy(data, begin_of_buf, minbufsize);
-
- return 0;
- }
-@@ -3524,7 +3524,7 @@ query_info(const unsigned int xid, struc
-
- rc = smb2_validate_and_copy_iov(le16_to_cpu(rsp->OutputBufferOffset),
- le32_to_cpu(rsp->OutputBufferLength),
-- &rsp_iov, min_len, *data);
-+ &rsp_iov, dlen ? *dlen : min_len, *data);
- if (rc && allocated) {
- kfree(*data);
- *data = NULL;
ext4-add-missing-validation-of-fast-commit-record-lengths.patch
ext4-fix-unaligned-memory-access-in-ext4_fc_reserve_space.patch
ext4-fix-off-by-one-errors-in-fast-commit-block-filling.patch
-cifs-prevent-copying-past-input-buffer-boundaries.patch
arm-renumber-bits-related-to-_tif_work_mask.patch
phy-qcom-qmp-combo-fix-out-of-bounds-clock-access.patch
btrfs-replace-strncpy-with-strscpy.patch
+++ /dev/null
-From 9ee2afe5207b63b20426ee081f486d831bae871d Mon Sep 17 00:00:00 2001
-From: Paulo Alcantara <pc@cjr.nz>
-Date: Thu, 6 Oct 2022 13:04:05 -0300
-Subject: cifs: prevent copying past input buffer boundaries
-
-From: Paulo Alcantara <pc@cjr.nz>
-
-commit 9ee2afe5207b63b20426ee081f486d831bae871d upstream.
-
-Prevent copying past @data buffer in smb2_validate_and_copy_iov() as
-the output buffer in @iov might be potentially bigger and thus copying
-more bytes than requested in @minbufsize.
-
-Signed-off-by: Paulo Alcantara (SUSE) <pc@cjr.nz>
-Reviewed-by: Ronnie Sahlberg <lsahlber@redhat.com>
-Signed-off-by: Steve French <stfrench@microsoft.com>
-Cc: Georg Müller <georgmueller@gmx.net>
-Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
----
- fs/cifs/smb2pdu.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
---- a/fs/cifs/smb2pdu.c
-+++ b/fs/cifs/smb2pdu.c
-@@ -3071,7 +3071,7 @@ smb2_validate_and_copy_iov(unsigned int
- if (rc)
- return rc;
-
-- memcpy(data, begin_of_buf, buffer_length);
-+ memcpy(data, begin_of_buf, minbufsize);
-
- return 0;
- }
-@@ -3192,7 +3192,7 @@ query_info(const unsigned int xid, struc
-
- rc = smb2_validate_and_copy_iov(le16_to_cpu(rsp->OutputBufferOffset),
- le32_to_cpu(rsp->OutputBufferLength),
-- &rsp_iov, min_len, *data);
-+ &rsp_iov, dlen ? *dlen : min_len, *data);
- if (rc && allocated) {
- kfree(*data);
- *data = NULL;
ext4-avoid-unaccounted-block-allocation-when-expanding-inode.patch
ext4-allocate-extended-attribute-value-in-vmalloc-area.patch
drm-amdgpu-make-display-pinning-more-flexible-v2.patch
-cifs-prevent-copying-past-input-buffer-boundaries.patch
btrfs-replace-strncpy-with-strscpy.patch
pm-devfreq-governor-add-a-private-governor_data-for-.patch
media-s5p-mfc-fix-to-handle-reference-queue-during-f.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
