From: Greg Kroah-Hartman Date: Tue, 20 Mar 2007 04:05:22 +0000 (-0700) Subject: removed a patch from the queue that wasn't needed X-Git-Tag: v2.6.20.4~3 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=1ea2fafb16228b9409849055e90eda25edfc4e87;p=thirdparty%2Fkernel%2Fstable-queue.git removed a patch from the queue that wasn't needed --- diff --git a/review-2.6.20/fix-user-copy-length-in-ipv6_sockglue.c.patch b/review-2.6.20/fix-user-copy-length-in-ipv6_sockglue.c.patch deleted file mode 100644 index 4a5b0cd9afb..00000000000 --- a/review-2.6.20/fix-user-copy-length-in-ipv6_sockglue.c.patch +++ /dev/null @@ -1,34 +0,0 @@ -From stable-bounces@linux.kernel.org Fri Mar 9 23:07:24 2007 -From: Chris Wright -Date: Fri, 09 Mar 2007 23:05:59 -0800 (PST) -Subject: Fix user copy length in ipv6_sockglue.c -To: stable@kernel.org -Cc: bunk@stusta.de -Message-ID: <20070309.230559.78709619.davem@davemloft.net> - -From: Chris Wright - -[IPV6] fix ipv6_getsockopt_sticky copy_to_user leak - -User supplied len < 0 can cause leak of kernel memory. -Use unsigned compare instead. - -Signed-off-by: Chris Wright -Signed-off-by: David S. Miller -Signed-off-by: Greg Kroah-Hartman - ---- - net/ipv6/ipv6_sockglue.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - ---- a/net/ipv6/ipv6_sockglue.c -+++ b/net/ipv6/ipv6_sockglue.c -@@ -805,7 +805,7 @@ static int ipv6_getsockopt_sticky(struct - return 0; - hdr = opt->hopopt; - -- len = min_t(int, len, ipv6_optlen(hdr)); -+ len = min_t(unsigned int, len, ipv6_optlen(hdr)); - if (copy_to_user(optval, hdr, ipv6_optlen(hdr))) - return -EFAULT; - return len; diff --git a/review-2.6.20/series b/review-2.6.20/series index 93854009e0e..a4bae5910ef 100644 --- a/review-2.6.20/series +++ b/review-2.6.20/series @@ -1,6 +1,5 @@ fix-another-null-pointer-deref-in-ipv6_sockglue.c.patch fix-rtm_to_ifaddr-error-return.patch -fix-user-copy-length-in-ipv6_sockglue.c.patch SCSI-gdth-fix-oops-in-gdth_copy_cmd.patch netlabel-cipso_std_bug netfilter-nfnetlink_log-fix-reference-counting.patch