From: Greg Kroah-Hartman <gregkh@suse.de>
Date: Tue, 29 Apr 2008 16:49:57 +0000 (-0700)
Subject: one more .24 patch
X-Git-Tag: v2.6.25.1~7
X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=0c8c40b2e2c7a600cc9f07bdbaae5fcf3b21646d;p=thirdparty%2Fkernel%2Fstable-queue.git

one more .24 patch
---

diff --git a/queue-2.6.24/fix-oops-on-rmmod-capidrv.patch b/queue-2.6.24/fix-oops-on-rmmod-capidrv.patch
new file mode 100644
index 00000000000..3d3810828c6
--- /dev/null
+++ b/queue-2.6.24/fix-oops-on-rmmod-capidrv.patch
@@ -0,0 +1,46 @@
+From eb36f4fc019835cecf0788907f6cab774508087b Mon Sep 17 00:00:00 2001
+From: Karsten Keil <kkeil@suse.de>
+Date: Fri, 25 Jan 2008 11:55:28 +0100
+Subject: fix oops on rmmod capidrv
+
+From: Karsten Keil <kkeil@suse.de>
+
+commit eb36f4fc019835cecf0788907f6cab774508087b upstream.
+
+Fix overwriting the stack with the version string
+(it is currently 10 bytes + zero) when unloading the
+capidrv module. Safeguard against overwriting it
+should the version string grow in the future.
+
+Should fix Kernel Bug Tracker Bug 9696.
+
+Signed-off-by: Gerd v. Egidy <gerd.von.egidy@intra2net.com>
+Acked-by: Karsten Keil <kkeil@suse.de>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ drivers/isdn/capi/capidrv.c |    9 +++++----
+ 1 file changed, 5 insertions(+), 4 deletions(-)
+
+--- a/drivers/isdn/capi/capidrv.c
++++ b/drivers/isdn/capi/capidrv.c
+@@ -2332,13 +2332,14 @@ static int __init capidrv_init(void)
+ 
+ static void __exit capidrv_exit(void)
+ {
+-	char rev[10];
++	char rev[32];
+ 	char *p;
+ 
+ 	if ((p = strchr(revision, ':')) != 0) {
+-		strcpy(rev, p + 1);
+-		p = strchr(rev, '$');
+-		*p = 0;
++		strncpy(rev, p + 1, sizeof(rev));
++		rev[sizeof(rev)-1] = 0;
++		if ((p = strchr(rev, '$')) != 0)
++			*p = 0;
+ 	} else {
+ 		strcpy(rev, " ??? ");
+ 	}
diff --git a/queue-2.6.24/series b/queue-2.6.24/series
index 63d211e4a5f..afb1fa5a5bc 100644
--- a/queue-2.6.24/series
+++ b/queue-2.6.24/series
@@ -1,3 +1,4 @@
+fix-oops-on-rmmod-capidrv.patch
 x86-fix-32-bit-x86-msi-x-allocation-leakage.patch
 tehuti-check-register-size.patch
 tehuti-move-ioctl-perm-check-closer-to-function-start.patch