From: Sasha Levin <sashal@kernel.org>
Date: Fri, 10 Jun 2022 13:00:58 +0000 (-0400)
Subject: Fixes for 4.9
X-Git-Tag: v4.9.318~102
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=62f456359bdb966fe7156371b2d1755bd3f6e151;p=thirdparty%2Fkernel%2Fstable-queue.git

Fixes for 4.9

Signed-off-by: Sasha Levin <sashal@kernel.org>
---

diff --git a/queue-4.9/net-fix-nla_strcmp-to-handle-more-then-one-trailing-.patch b/queue-4.9/net-fix-nla_strcmp-to-handle-more-then-one-trailing-.patch
new file mode 100644
index 00000000000..5da76357af9
--- /dev/null
+++ b/queue-4.9/net-fix-nla_strcmp-to-handle-more-then-one-trailing-.patch
@@ -0,0 +1,52 @@
+From ddb90a54268bc294c6b14ba861d5681e80e57a82 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 5 May 2021 09:58:31 -0700
+Subject: net: fix nla_strcmp to handle more then one trailing null character
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Maciej Żenczykowski <maze@google.com>
+
+[ Upstream commit 2c16db6c92b0ee4aa61e88366df82169e83c3f7e ]
+
+Android userspace has been using TCA_KIND with a char[IFNAMESIZ]
+many-null-terminated buffer containing the string 'bpf'.
+
+This works on 4.19 and ceases to work on 5.10.
+
+I'm not entirely sure what fixes tag to use, but I think the issue
+was likely introduced in the below mentioned 5.4 commit.
+
+Reported-by: Nucca Chen <nuccachen@google.com>
+Cc: Cong Wang <xiyou.wangcong@gmail.com>
+Cc: David Ahern <dsahern@gmail.com>
+Cc: David S. Miller <davem@davemloft.net>
+Cc: Jakub Kicinski <jakub.kicinski@netronome.com>
+Cc: Jamal Hadi Salim <jhs@mojatatu.com>
+Cc: Jiri Pirko <jiri@mellanox.com>
+Cc: Jiri Pirko <jiri@resnulli.us>
+Fixes: 62794fc4fbf5 ("net_sched: add max len check for TCA_KIND")
+Change-Id: I66dc281f165a2858fc29a44869a270a2d698a82b
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ lib/nlattr.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/nlattr.c b/lib/nlattr.c
+index fce1e9afc6d9..ea27e1d069b1 100644
+--- a/lib/nlattr.c
++++ b/lib/nlattr.c
+@@ -316,7 +316,7 @@ int nla_strcmp(const struct nlattr *nla, const char *str)
+ 	int attrlen = nla_len(nla);
+ 	int d;
+ 
+-	if (attrlen > 0 && buf[attrlen - 1] == '\0')
++	while (attrlen > 0 && buf[attrlen - 1] == '\0')
+ 		attrlen--;
+ 
+ 	d = attrlen - len;
+-- 
+2.35.1
+
diff --git a/queue-4.9/series b/queue-4.9/series
index fd4565128ab..8edbb6168b3 100644
--- a/queue-4.9/series
+++ b/queue-4.9/series
@@ -130,3 +130,4 @@ i2c-cadence-increase-timeout-per-message-if-necessar.patch
 m68knommu-set-zero_page-to-the-allocated-zeroed-page.patch
 m68knommu-fix-undefined-reference-to-_init_sp.patch
 video-fbdev-pxa3xx-gcu-release-the-resources-correct.patch
+net-fix-nla_strcmp-to-handle-more-then-one-trailing-.patch