This is a note to let you know that I've just added the patch titled
ipc: fix potential oops when src msg > 4k w/ MSG_COPY
to the 3.8-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
ipc-fix-potential-oops-when-src-msg-4k-w-msg_copy.patch
and it can be found in the queue-3.8 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <[email protected]> know about it.
>From e1082f45f1e2bbf6e25f6b614fc6616ebf709d19 Mon Sep 17 00:00:00 2001
From: Peter Hurley <[email protected]>
Date: Fri, 8 Mar 2013 12:43:26 -0800
Subject: ipc: fix potential oops when src msg > 4k w/ MSG_COPY
From: Peter Hurley <[email protected]>
commit e1082f45f1e2bbf6e25f6b614fc6616ebf709d19 upstream.
If the src msg is > 4k, then dest->next points to the
next allocated segment; resetting it just prior to dereferencing
is bad.
Signed-off-by: Peter Hurley <[email protected]>
Acked-by: Stanislav Kinsbursky <[email protected]>
Signed-off-by: Andrew Morton <[email protected]>
Signed-off-by: Linus Torvalds <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
ipc/msgutil.c | 3 ---
1 file changed, 3 deletions(-)
--- a/ipc/msgutil.c
+++ b/ipc/msgutil.c
@@ -117,9 +117,6 @@ struct msg_msg *copy_msg(struct msg_msg
if (alen > DATALEN_MSG)
alen = DATALEN_MSG;
- dst->next = NULL;
- dst->security = NULL;
-
memcpy(dst + 1, src + 1, alen);
len -= alen;
Patches currently in stable-queue which might be from [email protected]
are
queue-3.8/ipc-don-t-allocate-a-copy-larger-than-max.patch
queue-3.8/ipc-fix-potential-oops-when-src-msg-4k-w-msg_copy.patch
--
To unsubscribe from this list: send the line "unsubscribe stable" in
the body of a message to [email protected]
More majordomo info at http://vger.kernel.org/majordomo-info.html
