From patchwork Fri Apr 11 12:24:56 2014 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Luis Henriques X-Patchwork-Id: 338493 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Received: from huckleberry.canonical.com (huckleberry.canonical.com [91.189.94.19]) by ozlabs.org (Postfix) with ESMTP id D5478140083; Fri, 11 Apr 2014 22:25:11 +1000 (EST) Received: from localhost ([127.0.0.1] helo=huckleberry.canonical.com) by huckleberry.canonical.com with esmtp (Exim 4.76) (envelope-from ) id 1WYaW0-0005UD-0y; Fri, 11 Apr 2014 12:25:04 +0000 Received: from youngberry.canonical.com ([91.189.89.112]) by huckleberry.canonical.com with esmtp (Exim 4.76) (envelope-from ) id 1WYaVt-0005SU-TK for kernel-team@lists.ubuntu.com; Fri, 11 Apr 2014 12:24:57 +0000 Received: from bl20-146-219.dsl.telepac.pt ([2.81.146.219] helo=localhost) by youngberry.canonical.com with esmtpsa (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1WYaVt-0005wi-JD; Fri, 11 Apr 2014 12:24:57 +0000 From: Luis Henriques To: =?utf-8?B?WU9TSElGVUpJIEhpZGVha2kgLyDlkInol6Toi7HmmI4=?= Subject: Re: [3.11.y.z extended stable] Patch "isdnloop: Validate NUL-terminated strings from user." has been added to staging queue References: <1397216882-32277-1-git-send-email-luis.henriques@canonical.com> Date: Fri, 11 Apr 2014 13:24:56 +0100 In-Reply-To: <1397216882-32277-1-git-send-email-luis.henriques@canonical.com> (Luis Henriques's message of "Fri, 11 Apr 2014 12:48:02 +0100") Message-ID: <874n205a07.fsf@canonical.com> MIME-Version: 1.0 Cc: kernel-team@lists.ubuntu.com X-BeenThere: kernel-team@lists.ubuntu.com X-Mailman-Version: 2.1.14 Precedence: list List-Id: Kernel team discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: kernel-team-bounces@lists.ubuntu.com Sender: kernel-team-bounces@lists.ubuntu.com Luis Henriques writes: > This is a note to let you know that I have just added a patch titled > > isdnloop: Validate NUL-terminated strings from user. > > to the linux-3.11.y-queue branch of the 3.11.y.z extended stable tree > which can be found at: > > http://kernel.ubuntu.com/git?p=ubuntu/linux.git;a=shortlog;h=refs/heads/linux-3.11.y-queue > > If you, or anyone else, feels it should not be added to this tree, please > reply to this email. > > For more information about the 3.11.y.z tree, see > https://wiki.ubuntu.com/Kernel/Dev/ExtendedStable > > Thanks. > -Luis > > ------ Ups, looks like I've a bug in my scripts and the actual patch wasn't appended. The patch that has been queued for the 3.11 kernel is the one below. Cheers, diff --git a/drivers/isdn/isdnloop/isdnloop.c b/drivers/isdn/isdnloop/isdnloop.c index 02125e6..e1f8748 100644 --- a/drivers/isdn/isdnloop/isdnloop.c +++ b/drivers/isdn/isdnloop/isdnloop.c @@ -1070,6 +1070,12 @@ isdnloop_start(isdnloop_card *card, isdnloop_sdef *sdefp) return -EBUSY; if (copy_from_user((char *) &sdef, (char *) sdefp, sizeof(sdef))) return -EFAULT; + + for (i = 0; i < 3; i++) { + if (!memchr(sdef.num[i], 0, sizeof(sdef.num[i]))) + return -EINVAL; + } + spin_lock_irqsave(&card->isdnloop_lock, flags); switch (sdef.ptype) { case ISDN_PTYPE_EURO: