This is a note to let you know that I've just added the patch titled
sysctl: fix null checking in bin_dn_node_address()
to the 3.8-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
sysctl-fix-null-checking-in-bin_dn_node_address.patch
and it can be found in the queue-3.8 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <[email protected]> know about it.
>From df1778be1a33edffa51d094eeda87c858ded6560 Mon Sep 17 00:00:00 2001
From: Xi Wang <[email protected]>
Date: Wed, 27 Feb 2013 17:05:21 -0800
Subject: sysctl: fix null checking in bin_dn_node_address()
From: Xi Wang <[email protected]>
commit df1778be1a33edffa51d094eeda87c858ded6560 upstream.
The null check of `strchr() + 1' is broken, which is always non-null,
leading to OOB read. Instead, check the result of strchr().
Signed-off-by: Xi Wang <[email protected]>
Cc: "Eric W. Biederman" <[email protected]>
Signed-off-by: Andrew Morton <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
kernel/sysctl_binary.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
--- a/kernel/sysctl_binary.c
+++ b/kernel/sysctl_binary.c
@@ -1194,9 +1194,10 @@ static ssize_t bin_dn_node_address(struc
/* Convert the decnet address to binary */
result = -EIO;
- nodep = strchr(buf, '.') + 1;
+ nodep = strchr(buf, '.');
if (!nodep)
goto out;
+ ++nodep;
area = simple_strtoul(buf, NULL, 10);
node = simple_strtoul(nodep, NULL, 10);
Patches currently in stable-queue which might be from [email protected] are
queue-3.8/sysctl-fix-null-checking-in-bin_dn_node_address.patch
--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
