This is a note to let you know that I've just added the patch titled
nfsd: don't allow zero length strings in cache_parse()
to the 3.3-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
nfsd-don-t-allow-zero-length-strings-in-cache_parse.patch
and it can be found in the queue-3.3 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <[email protected]> know about it.
>From 6d8d17499810479eabd10731179c04b2ca22152f Mon Sep 17 00:00:00 2001
From: Dan Carpenter <[email protected]>
Date: Wed, 18 Jan 2012 12:56:02 +0300
Subject: nfsd: don't allow zero length strings in cache_parse()
From: Dan Carpenter <[email protected]>
commit 6d8d17499810479eabd10731179c04b2ca22152f upstream.
There is no point in passing a zero length string here and quite a
few of that cache_parse() implementations will Oops if count is
zero.
Signed-off-by: Dan Carpenter <[email protected]>
Signed-off-by: J. Bruce Fields <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
net/sunrpc/cache.c | 2 ++
1 file changed, 2 insertions(+)
--- a/net/sunrpc/cache.c
+++ b/net/sunrpc/cache.c
@@ -828,6 +828,8 @@ static ssize_t cache_do_downcall(char *k
{
ssize_t ret;
+ if (count == 0)
+ return -EINVAL;
if (copy_from_user(kaddr, buf, count))
return -EFAULT;
kaddr[count] = '\0';
Patches currently in stable-queue which might be from [email protected]
are
queue-3.3/usb-dwc3-make-dwc3_get_device_id-return-the-id.patch
queue-3.3/nfsd-don-t-allow-zero-length-strings-in-cache_parse.patch
queue-3.3/tty-moxa-fix-bit-test-in-moxa_start.patch
queue-3.3/x86-tls-off-by-one-limit-check.patch
--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
