Re: [PATCH net,stable] s390/qeth: fix length check in SNMP processing

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

From: Julian Wiedmann <jwi@xxxxxxxxxxxxx>
Date: Wed, 28 Nov 2018 16:20:50 +0100

> The response for a SNMP request can consist of multiple parts, which
> the cmd callback stages into a kernel buffer until all parts have been
> received. If the callback detects that the staging buffer provides
> insufficient space, it bails out with error.
> This processing is buggy for the first part of the response - while it
> initially checks for a length of 'data_len', it later copies an
> additional amount of 'offsetof(struct qeth_snmp_cmd, data)' bytes.
> 
> Fix the calculation of 'data_len' for the first part of the response.
> This also nicely cleans up the memcpy code.
> 
> Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
> Signed-off-by: Julian Wiedmann <jwi@xxxxxxxxxxxxx>
> Reviewed-by: Ursula Braun <ubraun@xxxxxxxxxxxxx>

Applied and queued up for -stable.
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Kernel Development]     [Kernel Newbies]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite Info]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Linux Media]     [Device Mapper]

  Powered by Linux