Just verified that this patch already landed in disco kernel
Ubuntu-4.19.0-9.10, hence changing to Fix Released since we have
linux-generic 4.19.0.12.13 in disco as of today.
** Changed in: linux (Ubuntu Disco)
Status: Fix Committed => Fix Released
** Changed in: ubuntu-z-systems
Status: Fix Committed => Fix Released
--
https://bugs.launchpad.net/bugs/1805802
Title:
[UBUNTU] qeth: fix length check in SNMP processing
Status in Ubuntu on IBM z Systems:
Fix Released
Status in linux package in Ubuntu:
Fix Released
Status in linux source package in Bionic:
Fix Released
Status in linux source package in Cosmic:
Fix Released
Status in linux source package in Disco:
Fix Released
Bug description:
== SRU Justification ==
The response for a SNMP request can consist of multiple parts,
which the cmd callback stages into a kernel buffer until all
parts have been received. If the callback detects that the
staging buffer provides insufficient space, it bails out with
error.
This processing is buggy for the first part of the response -
while it initially checks for a length of 'data_len', it later
copies an additional amount of
'offsetof(struct qeth_snmp_cmd, data)' bytes.
== Fix ==
9a764c1e5968 ("s390/qeth: fix length check in SNMP processing")
== Regression Potential ==
Low. Changes limited to s390.
== Test Case ==
A test kernel was built with this patch and tested by the original bug
reporter.
The bug reporter states the test kernel resolved the bug.
== Original bug description ==
Description: qeth: fix length check in SNMP processing
Symptom: Undefined behaviour.
Problem: The response for a SNMP request can consist of multiple parts,
which the cmd callback stages into a kernel buffer until all
parts have been received. If the callback detects that the
staging buffer provides insufficient space, it bails out with
error.
This processing is buggy for the first part of the response -
while it initially checks for a length of 'data_len', it later
copies an additional amount of
'offsetof(struct qeth_snmp_cmd, data)' bytes.
Solution: Fix the calculation of 'data_len' for the first part of the
response.
Upstream-ID: 9a764c1e59684c0358e16ccaafd870629f2cfe67
Should be applied to all Ubuntu Releases in Service
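The length-check flaw from the bug description, as a user-space model added here for illustration; it is not the kernel's qeth code and not the upstream fix. The struct layout, the 16-byte header and all names (`model_snmp_cmd`, `staging`, `stage_part`) are assumptions; the checked variant derives the real copy length before comparing it with the remaining space.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for struct qeth_snmp_cmd: a header, then payload. */
struct model_snmp_cmd {
    unsigned char hdr[16];   /* hypothetical header size */
    unsigned char data[];    /* SNMP payload */
};
#define HDR_LEN offsetof(struct model_snmp_cmd, data)

struct staging {             /* hypothetical staging buffer; off <= len */
    unsigned char *buf;
    size_t len, off;         /* capacity, bytes staged so far */
};

/* The flawed check as described: only data_len is compared (no copy here). */
int buggy_check_passes(const struct staging *s, size_t data_len)
{
    return s->len - s->off >= data_len;
}

/* Bytes the first-part copy writes after that check has passed. */
size_t first_part_copy_len(size_t data_len) { return data_len + HDR_LEN; }

/* Checked staging: derive the real copy length, then check and copy
 * exactly that length. Returns 0 on success, -1 if it does not fit. */
int stage_part(struct staging *s, const struct model_snmp_cmd *cmd,
               size_t data_len, int first)
{
    const unsigned char *src = first ? (const unsigned char *)cmd : cmd->data;
    size_t n = first ? data_len + HDR_LEN : data_len;
    if (n < data_len || n > s->len - s->off)  /* wrap guard, space check */
        return -1;
    memcpy(s->buf + s->off, src, n);
    s->off += n;
    return 0;
}

int main(void)
{
    unsigned char raw[64] = {0}, out[40];
    struct staging s = { out, sizeof(out), 0 };
    printf("buggy check passes: %d, copy would write %zu into %zu bytes\n",
           buggy_check_passes(&s, 32), first_part_copy_len(32), s.len);
    printf("checked staging: %d\n",
           stage_part(&s, (const struct model_snmp_cmd *)raw, 32, 1));
    return 0;
}
```

With a 40-byte staging buffer and a 32-byte first part, the flawed check passes while the copy length is 48 bytes; the checked path rejects the part and leaves the offset unchanged.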