On Wed, 19 May 2021 at 16:56, Sasha Levin <[email protected]> wrote: > > On Wed, May 19, 2021 at 09:41:24AM +0200, Ard Biesheuvel wrote: > >From: Mikulas Patocka <[email protected]> > > > >commit 4edbe1d7bcffcd6269f3b5eb63f710393ff2ec7a upstream. > > > >If there are not any dm devices, we need to zero the "dev" argument in > >the first structure dm_name_list. However, this can cause out of > >bounds write, because the "needed" variable is zero and len may be > >less than eight. > > > >Fix this bug by reporting DM_BUFFER_FULL_FLAG if the result buffer is > >too small to hold the "nl->dev" value. > > > >Signed-off-by: Mikulas Patocka <[email protected]> > >Reported-by: Dan Carpenter <[email protected]> > >Cc: [email protected] > >Signed-off-by: Mike Snitzer <[email protected]> > >Signed-off-by: Ard Biesheuvel <[email protected]> > >--- > >Please apply to 4.4.y and 4.9.y > > We already carry this patch via the backport provided in > https://lore.kernel.org/stable/[email protected]/ >
Excellent, thanks. -- dm-devel mailing list [email protected] https://listman.redhat.com/mailman/listinfo/dm-devel
