From: Greg Kroah-Hartman Date: Mon, 9 Jan 2023 12:51:26 +0000 (+0100) Subject: drop cifs-prevent-copying-past-input-buffer-boundaries.patch from everywhere X-Git-Tag: v5.15.87~49 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=f1a20163041b0b5dab0e4675880088efd8d5d572;p=thirdparty%2Fkernel%2Fstable-queue.git drop cifs-prevent-copying-past-input-buffer-boundaries.patch from everywhere --- diff --git a/queue-5.10/cifs-prevent-copying-past-input-buffer-boundaries.patch b/queue-5.10/cifs-prevent-copying-past-input-buffer-boundaries.patch deleted file mode 100644 index e4596933ee5..00000000000 --- a/queue-5.10/cifs-prevent-copying-past-input-buffer-boundaries.patch +++ /dev/null @@ -1,42 +0,0 @@ -From 9ee2afe5207b63b20426ee081f486d831bae871d Mon Sep 17 00:00:00 2001 -From: Paulo Alcantara -Date: Thu, 6 Oct 2022 13:04:05 -0300 -Subject: cifs: prevent copying past input buffer boundaries - -From: Paulo Alcantara - -commit 9ee2afe5207b63b20426ee081f486d831bae871d upstream. - -Prevent copying past @data buffer in smb2_validate_and_copy_iov() as -the output buffer in @iov might be potentially bigger and thus copying -more bytes than requested in @minbufsize. - -Signed-off-by: Paulo Alcantara (SUSE) -Reviewed-by: Ronnie Sahlberg -Signed-off-by: Steve French -Cc: Georg Müller -Signed-off-by: Greg Kroah-Hartman ---- - fs/cifs/smb2pdu.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - ---- a/fs/cifs/smb2pdu.c -+++ b/fs/cifs/smb2pdu.c -@@ -3331,7 +3331,7 @@ smb2_validate_and_copy_iov(unsigned int - if (rc) - return rc; - -- memcpy(data, begin_of_buf, buffer_length); -+ memcpy(data, begin_of_buf, minbufsize); - - return 0; - } -@@ -3455,7 +3455,7 @@ query_info(const unsigned int xid, struc - - rc = smb2_validate_and_copy_iov(le16_to_cpu(rsp->OutputBufferOffset), - le32_to_cpu(rsp->OutputBufferLength), -- &rsp_iov, min_len, *data); -+ &rsp_iov, dlen ? *dlen : min_len, *data); - if (rc && allocated) { - kfree(*data); - *data = NULL; diff --git a/queue-5.10/series b/queue-5.10/series index 34580565389..497279a365f 100644 --- a/queue-5.10/series +++ b/queue-5.10/series @@ -687,7 +687,6 @@ ext4-avoid-unaccounted-block-allocation-when-expanding-inode.patch ext4-allocate-extended-attribute-value-in-vmalloc-area.patch drm-amdgpu-handle-polaris10-11-overlap-asics-v2.patch drm-amdgpu-make-display-pinning-more-flexible-v2.patch -cifs-prevent-copying-past-input-buffer-boundaries.patch arm-renumber-bits-related-to-_tif_work_mask.patch perf-x86-intel-uncore-generalize-i-o-stacks-to-pmon-.patch perf-x86-intel-uncore-clear-attr_update-properly.patch diff --git a/queue-5.15/cifs-prevent-copying-past-input-buffer-boundaries.patch b/queue-5.15/cifs-prevent-copying-past-input-buffer-boundaries.patch deleted file mode 100644 index 1a51942ddf8..00000000000 --- a/queue-5.15/cifs-prevent-copying-past-input-buffer-boundaries.patch +++ /dev/null @@ -1,42 +0,0 @@ -From 9ee2afe5207b63b20426ee081f486d831bae871d Mon Sep 17 00:00:00 2001 -From: Paulo Alcantara -Date: Thu, 6 Oct 2022 13:04:05 -0300 -Subject: cifs: prevent copying past input buffer boundaries - -From: Paulo Alcantara - -commit 9ee2afe5207b63b20426ee081f486d831bae871d upstream. - -Prevent copying past @data buffer in smb2_validate_and_copy_iov() as -the output buffer in @iov might be potentially bigger and thus copying -more bytes than requested in @minbufsize. - -Signed-off-by: Paulo Alcantara (SUSE) -Reviewed-by: Ronnie Sahlberg -Signed-off-by: Steve French -Cc: Georg Müller -Signed-off-by: Greg Kroah-Hartman ---- - fs/cifs/smb2pdu.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - ---- a/fs/cifs/smb2pdu.c -+++ b/fs/cifs/smb2pdu.c -@@ -3400,7 +3400,7 @@ smb2_validate_and_copy_iov(unsigned int - if (rc) - return rc; - -- memcpy(data, begin_of_buf, buffer_length); -+ memcpy(data, begin_of_buf, minbufsize); - - return 0; - } -@@ -3524,7 +3524,7 @@ query_info(const unsigned int xid, struc - - rc = smb2_validate_and_copy_iov(le16_to_cpu(rsp->OutputBufferOffset), - le32_to_cpu(rsp->OutputBufferLength), -- &rsp_iov, min_len, *data); -+ &rsp_iov, dlen ? *dlen : min_len, *data); - if (rc && allocated) { - kfree(*data); - *data = NULL; diff --git a/queue-5.15/series b/queue-5.15/series index 8c8972b5922..4cb645cb6b5 100644 --- a/queue-5.15/series +++ b/queue-5.15/series @@ -174,7 +174,6 @@ ext4-don-t-set-up-encryption-key-during-jbd2-transaction.patch ext4-add-missing-validation-of-fast-commit-record-lengths.patch ext4-fix-unaligned-memory-access-in-ext4_fc_reserve_space.patch ext4-fix-off-by-one-errors-in-fast-commit-block-filling.patch -cifs-prevent-copying-past-input-buffer-boundaries.patch arm-renumber-bits-related-to-_tif_work_mask.patch phy-qcom-qmp-combo-fix-out-of-bounds-clock-access.patch btrfs-replace-strncpy-with-strscpy.patch diff --git a/queue-5.4/cifs-prevent-copying-past-input-buffer-boundaries.patch b/queue-5.4/cifs-prevent-copying-past-input-buffer-boundaries.patch deleted file mode 100644 index 2eb917ec96e..00000000000 --- a/queue-5.4/cifs-prevent-copying-past-input-buffer-boundaries.patch +++ /dev/null @@ -1,42 +0,0 @@ -From 9ee2afe5207b63b20426ee081f486d831bae871d Mon Sep 17 00:00:00 2001 -From: Paulo Alcantara -Date: Thu, 6 Oct 2022 13:04:05 -0300 -Subject: cifs: prevent copying past input buffer boundaries - -From: Paulo Alcantara - -commit 9ee2afe5207b63b20426ee081f486d831bae871d upstream. - -Prevent copying past @data buffer in smb2_validate_and_copy_iov() as -the output buffer in @iov might be potentially bigger and thus copying -more bytes than requested in @minbufsize. - -Signed-off-by: Paulo Alcantara (SUSE) -Reviewed-by: Ronnie Sahlberg -Signed-off-by: Steve French -Cc: Georg Müller -Signed-off-by: Greg Kroah-Hartman ---- - fs/cifs/smb2pdu.c | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - ---- a/fs/cifs/smb2pdu.c -+++ b/fs/cifs/smb2pdu.c -@@ -3071,7 +3071,7 @@ smb2_validate_and_copy_iov(unsigned int - if (rc) - return rc; - -- memcpy(data, begin_of_buf, buffer_length); -+ memcpy(data, begin_of_buf, minbufsize); - - return 0; - } -@@ -3192,7 +3192,7 @@ query_info(const unsigned int xid, struc - - rc = smb2_validate_and_copy_iov(le16_to_cpu(rsp->OutputBufferOffset), - le32_to_cpu(rsp->OutputBufferLength), -- &rsp_iov, min_len, *data); -+ &rsp_iov, dlen ? *dlen : min_len, *data); - if (rc && allocated) { - kfree(*data); - *data = NULL; diff --git a/queue-5.4/series b/queue-5.4/series index d3302a9b537..a257910ab0d 100644 --- a/queue-5.4/series +++ b/queue-5.4/series @@ -535,7 +535,6 @@ ext4-initialize-quota-before-expanding-inode-in-setproject-ioctl.patch ext4-avoid-unaccounted-block-allocation-when-expanding-inode.patch ext4-allocate-extended-attribute-value-in-vmalloc-area.patch drm-amdgpu-make-display-pinning-more-flexible-v2.patch -cifs-prevent-copying-past-input-buffer-boundaries.patch btrfs-replace-strncpy-with-strscpy.patch pm-devfreq-governor-add-a-private-governor_data-for-.patch media-s5p-mfc-fix-to-handle-reference-queue-during-f.patch