3.2.70-rc1 review patch. If anyone has any objections, please let me know.
------------------
From: Ben Hutchings <ben@xxxxxxxxxxxxxxx>
Inspired by commit f18c34e483ff ("lib: Fix strnlen_user() to not touch
memory after specified maximum") upstream. This version of
strnlen_user(), no longer present upstream, has a similar off-by-one
error.
Signed-off-by: Ben Hutchings <ben@xxxxxxxxxxxxxxx>
Cc: Jan Kara <jack@xxxxxxx>
---
--- a/arch/x86/lib/usercopy_64.c
+++ b/arch/x86/lib/usercopy_64.c
@@ -113,7 +113,7 @@ long __strnlen_user(const char __user *s
char c;
while (1) {
- if (res>n)
+ if (res >= n)
return n+1;
if (__get_user(c, s))
return 0;
--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html