On Fri, 2013-11-29 at 13:42 +0000, Luis Henriques wrote: > Hi, > > Please consider including the following commit in 2.6.32, 3.2 and 3.8 > as it fixes CVE-2013-6378 (Greg's stable trees already contain it): I've queued this up for 3.2. Ben. > commit a497e47d4aec37aaf8f13509f3ef3d1f6a717d88 > Author: Dan Carpenter <dan.carpenter@xxxxxxxxxx> > Date: Wed Oct 30 20:12:51 2013 +0300 > > libertas: potential oops in debugfs > > If we do a zero size allocation then it will oops. Also we can't be > sure the user passes us a NUL terminated string so I've added a > terminator. > > This code can only be triggered by root. > > Reported-by: Nico Golde <nico@xxxxxxxxx> > Reported-by: Fabian Yamaguchi <fabs@xxxxxxxxx> > Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx> > Acked-by: Dan Williams <dcbw@xxxxxxxxxx> > Signed-off-by: John W. Linville <linville@xxxxxxxxxxxxx> > > Cheers, > -- > Luis -- Ben Hutchings Kids! Bringing about Armageddon can be dangerous. Do not attempt it in your own home. - Terry Pratchett and Neil Gaiman, `Good Omens'
Attachment:
signature.asc
Description: This is a digitally signed message part