From fae8c5b0d600873cb868bf27a1deef6b1e07bc49 Mon Sep 17 00:00:00 2001
From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Date: Thu, 8 Mar 2018 05:52:54 -0800
Subject: [PATCH] 4.4-stable patches

added patches:
	leds-do-not-overflow-sysfs-buffer-in-led_trigger_show.patch
---
 ...low-sysfs-buffer-in-led_trigger_show.patch | 55 +++++++++++++++++++
 queue-4.4/series                              |  1 +
 2 files changed, 56 insertions(+)
 create mode 100644 queue-4.4/leds-do-not-overflow-sysfs-buffer-in-led_trigger_show.patch

diff --git a/queue-4.4/leds-do-not-overflow-sysfs-buffer-in-led_trigger_show.patch b/queue-4.4/leds-do-not-overflow-sysfs-buffer-in-led_trigger_show.patch
new file mode 100644
index 00000000000..40c22121935
--- /dev/null
+++ b/queue-4.4/leds-do-not-overflow-sysfs-buffer-in-led_trigger_show.patch
@@ -0,0 +1,55 @@
+From 3b9b95363c45365d606ad4bbba16acca75fdf6d3 Mon Sep 17 00:00:00 2001
+From: Nathan Sullivan <nathan.sullivan@ni.com>
+Date: Mon, 15 Aug 2016 17:20:14 -0500
+Subject: leds: do not overflow sysfs buffer in led_trigger_show
+
+From: Nathan Sullivan <nathan.sullivan@ni.com>
+
+commit 3b9b95363c45365d606ad4bbba16acca75fdf6d3 upstream.
+
+Per the documentation, use scnprintf instead of sprintf to ensure there
+is never more than PAGE_SIZE bytes of trigger names put into the
+buffer.
+
+Signed-off-by: Nathan Sullivan <nathan.sullivan@ni.com>
+Signed-off-by: Zach Brown <zach.brown@ni.com>
+Signed-off-by: Jacek Anaszewski <j.anaszewski@samsung.com>
+Cc: Willy Tarreau <w@1wt.eu>
+Cc: Vlastimil Babka <vbabka@suse.cz>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+
+---
+ drivers/leds/led-triggers.c |   12 +++++++-----
+ 1 file changed, 7 insertions(+), 5 deletions(-)
+
+--- a/drivers/leds/led-triggers.c
++++ b/drivers/leds/led-triggers.c
+@@ -88,21 +88,23 @@ ssize_t led_trigger_show(struct device *
+ 	down_read(&led_cdev->trigger_lock);
+ 
+ 	if (!led_cdev->trigger)
+-		len += sprintf(buf+len, "[none] ");
++		len += scnprintf(buf+len, PAGE_SIZE - len, "[none] ");
+ 	else
+-		len += sprintf(buf+len, "none ");
++		len += scnprintf(buf+len, PAGE_SIZE - len, "none ");
+ 
+ 	list_for_each_entry(trig, &trigger_list, next_trig) {
+ 		if (led_cdev->trigger && !strcmp(led_cdev->trigger->name,
+ 							trig->name))
+-			len += sprintf(buf+len, "[%s] ", trig->name);
++			len += scnprintf(buf+len, PAGE_SIZE - len, "[%s] ",
++					 trig->name);
+ 		else
+-			len += sprintf(buf+len, "%s ", trig->name);
++			len += scnprintf(buf+len, PAGE_SIZE - len, "%s ",
++					 trig->name);
+ 	}
+ 	up_read(&led_cdev->trigger_lock);
+ 	up_read(&triggers_list_lock);
+ 
+-	len += sprintf(len+buf, "\n");
++	len += scnprintf(len+buf, PAGE_SIZE - len, "\n");
+ 	return len;
+ }
+ EXPORT_SYMBOL_GPL(led_trigger_show);
diff --git a/queue-4.4/series b/queue-4.4/series
index 171d7d554a4..0d799bd6ec5 100644
--- a/queue-4.4/series
+++ b/queue-4.4/series
@@ -12,3 +12,4 @@ x86-syscall-sanitize-syscall-table-de-references-under-speculation-fix.patch
 btrfs-don-t-clear-sgid-when-inheriting-acls.patch
 arm-dts-logicpd-torpedo-fix-i2c1-pinmux.patch
 x86-apic-vector-handle-legacy-irq-data-correctly.patch
+leds-do-not-overflow-sysfs-buffer-in-led_trigger_show.patch
-- 
2.47.3