2.6.38-stable review patch. If anyone has any objections, please let us know.
------------------ From: David Sterba <[email protected]> commit b4232a22776aa5d063f890d21ca69870dbbe431b upstream. Static analyzer of clang found a dead store which appears to be a bug in reading count of items in SEQOF field, only the lower byte of word is stored. This may lead to corrupted read and communication shutdown. The bug has been in the module since it's first inclusion into linux kernel. [Patrick: the bug is real, but without practical consequence since the largest amount of sequence-of members we parse is 30.] Signed-off-by: David Sterba <[email protected]> Signed-off-by: Patrick McHardy <[email protected]> Signed-off-by: Greg Kroah-Hartman <[email protected]> --- net/netfilter/nf_conntrack_h323_asn1.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/net/netfilter/nf_conntrack_h323_asn1.c +++ b/net/netfilter/nf_conntrack_h323_asn1.c @@ -631,7 +631,7 @@ static int decode_seqof(bitstr_t *bs, co CHECK_BOUND(bs, 2); count = *bs->cur++; count <<= 8; - count = *bs->cur++; + count += *bs->cur++; break; case SEMI: BYTE_ALIGN(bs); _______________________________________________ stable mailing list [email protected] http://linux.kernel.org/mailman/listinfo/stable
