From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Sun, 23 Jun 2019 04:50:39 +0000 (+0200)
Subject: 4.14-stable patches
X-Git-Tag: v5.1.15~35
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=8d149922c2ff4f87749be4b55a6b0abb55343ac9;p=thirdparty%2Fkernel%2Fstable-queue.git

4.14-stable patches

added patches:
	net-phy-broadcom-use-strlcpy-for-ethtool-get_strings.patch
---

diff --git a/queue-4.14/net-phy-broadcom-use-strlcpy-for-ethtool-get_strings.patch b/queue-4.14/net-phy-broadcom-use-strlcpy-for-ethtool-get_strings.patch
new file mode 100644
index 00000000000..9a750ccac88
--- /dev/null
+++ b/queue-4.14/net-phy-broadcom-use-strlcpy-for-ethtool-get_strings.patch
@@ -0,0 +1,37 @@
+From 8a17eefa235f73b60c0ca7d397d2e4f66f85f413 Mon Sep 17 00:00:00 2001
+From: Florian Fainelli <f.fainelli@gmail.com>
+Date: Fri, 2 Mar 2018 15:08:39 -0800
+Subject: net: phy: broadcom: Use strlcpy() for ethtool::get_strings
+
+From: Florian Fainelli <f.fainelli@gmail.com>
+
+commit 8a17eefa235f73b60c0ca7d397d2e4f66f85f413 upstream.
+
+Our statistics strings are allocated at initialization without being
+bound to a specific size, yet, we would copy ETH_GSTRING_LEN bytes using
+memcpy() which would create out of bounds accesses, this was flagged by
+KASAN. Replace this with strlcpy() to make sure we are bound the source
+buffer size and we also always NUL-terminate strings.
+
+Fixes: 820ee17b8d3b ("net: phy: broadcom: Add support code for reading PHY counters")
+Signed-off-by: Florian Fainelli <f.fainelli@gmail.com>
+Signed-off-by: David S. Miller <davem@davemloft.net>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/net/phy/bcm-phy-lib.c |    4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+--- a/drivers/net/phy/bcm-phy-lib.c
++++ b/drivers/net/phy/bcm-phy-lib.c
+@@ -341,8 +341,8 @@ void bcm_phy_get_strings(struct phy_devi
+ 	unsigned int i;
+ 
+ 	for (i = 0; i < ARRAY_SIZE(bcm_phy_hw_stats); i++)
+-		memcpy(data + i * ETH_GSTRING_LEN,
+-		       bcm_phy_hw_stats[i].string, ETH_GSTRING_LEN);
++		strlcpy(data + i * ETH_GSTRING_LEN,
++			bcm_phy_hw_stats[i].string, ETH_GSTRING_LEN);
+ }
+ EXPORT_SYMBOL_GPL(bcm_phy_get_strings);
+ 
diff --git a/queue-4.14/series b/queue-4.14/series
index ce8ad94d48d..c8077ca7142 100644
--- a/queue-4.14/series
+++ b/queue-4.14/series
@@ -1,3 +1,4 @@
 tracing-silence-gcc-9-array-bounds-warning.patch
 objtool-support-per-function-rodata-sections.patch
 gcc-9-silence-address-of-packed-member-warning.patch
+net-phy-broadcom-use-strlcpy-for-ethtool-get_strings.patch