From: Greg Kroah-Hartman Date: Mon, 6 Mar 2017 06:57:18 +0000 (+0100) Subject: another 3.18 patch X-Git-Tag: v4.4.53~30 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=14334c63fc320df9ddd9f9b3ce9b255143410af2;p=thirdparty%2Fkernel%2Fstable-queue.git another 3.18 patch --- diff --git a/queue-3.18/lib-vsprintf.c-improve-sanity-check-in-vsnprintf.patch b/queue-3.18/lib-vsprintf.c-improve-sanity-check-in-vsnprintf.patch new file mode 100644 index 00000000000..57387290a59 --- /dev/null +++ b/queue-3.18/lib-vsprintf.c-improve-sanity-check-in-vsnprintf.patch @@ -0,0 +1,36 @@ +From 2aa2f9e21e4eb25c720b2e7d80f8929638f6ad73 Mon Sep 17 00:00:00 2001 +From: Rasmus Villemoes +Date: Thu, 12 Feb 2015 15:01:39 -0800 +Subject: lib/vsprintf.c: improve sanity check in vsnprintf() + +From: Rasmus Villemoes + +commit 2aa2f9e21e4eb25c720b2e7d80f8929638f6ad73 upstream. + +On 64 bit, size may very well be huge even if bit 31 happens to be 0. +Somehow it doesn't feel right that one can pass a 5 GiB buffer but not a +3 GiB one. So cap at INT_MAX as was probably the intention all along. +This is also the made-up value passed by sprintf and vsprintf. + +Signed-off-by: Rasmus Villemoes +Cc: Jiri Kosina +Cc: Randy Dunlap +Signed-off-by: Andrew Morton +Signed-off-by: Linus Torvalds +Signed-off-by: Greg Kroah-Hartman + +--- + lib/vsprintf.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +--- a/lib/vsprintf.c ++++ b/lib/vsprintf.c +@@ -1728,7 +1728,7 @@ int vsnprintf(char *buf, size_t size, co + + /* Reject out-of-range values early. Large positive sizes are + used for unknown buffer sizes. */ +- if (WARN_ON_ONCE((int) size < 0)) ++ if (WARN_ON_ONCE(size > INT_MAX)) + return 0; + + str = buf; diff --git a/queue-3.18/series b/queue-3.18/series index 5c9d7fb5082..a0fe97b1f90 100644 --- a/queue-3.18/series +++ b/queue-3.18/series 
@@ -57,3 +57,4 @@ drbd-fix-kernel_sendmsg-usage-potential-null-deref.patch net-llc-avoid-bug_on-in-skb_orphan.patch dccp-fix-freeing-skb-too-early-for-ipv6_recvpktinfo.patch net-socket-fix-recvmmsg-not-returning-error-from-sock_error.patch +lib-vsprintf.c-improve-sanity-check-in-vsnprintf.patch
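Review bot: In the lib/vsprintf.c hunk of the queued patch, the comment kept above the changed check ("Reject out-of-range values early. Large positive sizes are used for unknown buffer sizes.") does not state the bound that the new test `size > INT_MAX` enforces; I would suggest the comment name INT_MAX as the largest accepted size, which the commit message says is also the value sprintf and vsprintf pass. The new comparison is made on the size_t value itself, so on 64 bit it rejects every size above INT_MAX, where the old `(int) size < 0` cast only caught sizes with bit 31 set (the 5 GiB versus 3 GiB case in the message). The rejection path still does `return 0;` ahead of `str = buf;`, so in the visible lines nothing is written to buf on that path; it would help to say in the same comment that an oversized call returns 0 with the buffer left untouched, so callers do not read a 0 return as an empty, terminated string.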