2.6.32-longterm review patch. If anyone has any objections, please let me know.
------------------
From: Ben Hutchings <ben@xxxxxxxxxxxxxxx>
Inspired by commit f18c34e483ff ("lib: Fix strnlen_user() to not touch
memory after specified maximum") upstream. This version of
strnlen_user(), no longer present upstream, has a similar off-by-one
error.
Signed-off-by: Ben Hutchings <ben@xxxxxxxxxxxxxxx>
Cc: Jan Kara <jack@xxxxxxx>
(cherry picked from commit 4797489ce83a5f42d0b38089695a48d4a3d1ee0b)
Signed-off-by: Willy Tarreau <w@xxxxxx>
---
arch/x86/lib/usercopy_64.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/arch/x86/lib/usercopy_64.c b/arch/x86/lib/usercopy_64.c
index b7c2849..3428d91 100644
--- a/arch/x86/lib/usercopy_64.c
+++ b/arch/x86/lib/usercopy_64.c
@@ -113,7 +113,7 @@ long __strnlen_user(const char __user *s, long n)
char c;
while (1) {
- if (res>n)
+ if (res >= n)
return n+1;
if (__get_user(c, s))
return 0;
--
1.7.12.2.21.g234cd45.dirty
--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html