Home Home > GIT Browse
summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorOlaf Hering <ohering@suse.de>2017-10-20 12:20:33 +0200
committerOlaf Hering <ohering@suse.de>2017-10-20 12:23:28 +0200
commit5f4f0d7600c87b9d283eee731c635adaba445dd0 (patch)
tree94125ebf9b12ddd27739a2b30cac99fee75cba3d
parent223165f82e86239eed837d46e29d2e002ecf2de4 (diff)
Drivers: hv: kvp: Use MAX_ADAPTER_ID_SIZE for translating
adapter id (fate#323887).
-rw-r--r--patches.suse/msft-hv-1439-Drivers-hv-kvp-Use-MAX_ADAPTER_ID_SIZE-for-translati.patch35
-rw-r--r--series.conf1
2 files changed, 36 insertions, 0 deletions
diff --git a/patches.suse/msft-hv-1439-Drivers-hv-kvp-Use-MAX_ADAPTER_ID_SIZE-for-translati.patch b/patches.suse/msft-hv-1439-Drivers-hv-kvp-Use-MAX_ADAPTER_ID_SIZE-for-translati.patch
new file mode 100644
index 0000000000..ea8f7e6e02
--- /dev/null
+++ b/patches.suse/msft-hv-1439-Drivers-hv-kvp-Use-MAX_ADAPTER_ID_SIZE-for-translati.patch
@@ -0,0 +1,35 @@
+From: Alex Ng <alexng@messages.microsoft.com>
+Date: Sun, 6 Aug 2017 13:12:56 -0700
+Patch-mainline: v4.14-rc1
+Subject: Drivers: hv: kvp: Use MAX_ADAPTER_ID_SIZE for translating adapter id
+Git-commit: ddce54b6a95ed5ee3011b4771fda69c2d8a6d538
+References: fate#323887
+
+There's a bug which passes the output buffer size as MAX_IP_ADDR_SIZE,
+when converting the adapter_id field to UTF16. This is much larger than
+the actual size (MAX_ADAPTER_ID_SIZE). Fix this by passing the proper
+size.
+
+Fortunately, the translation is limited by the length of the input. This
+explains why we haven't seen output buffer overflow conditions.
+
+Signed-off-by: Alex Ng <alexng@messages.microsoft.com>
+Signed-off-by: K. Y. Srinivasan <kys@microsoft.com>
+Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Acked-by: Olaf Hering <ohering@suse.de>
+---
+ drivers/hv/hv_kvp.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/hv/hv_kvp.c b/drivers/hv/hv_kvp.c
+--- a/drivers/hv/hv_kvp.c
++++ b/drivers/hv/hv_kvp.c
+@@ -304,7 +304,7 @@ static int process_ob_ipinfo(void *in_msg, void *out_msg, int op)
+ strlen((char *)in->body.kvp_ip_val.adapter_id),
+ UTF16_HOST_ENDIAN,
+ (wchar_t *)out->kvp_ip_val.adapter_id,
+- MAX_IP_ADDR_SIZE);
++ MAX_ADAPTER_ID_SIZE);
+ if (len < 0)
+ return len;
+
diff --git a/series.conf b/series.conf
index 8716d94ea1..70316e3ef3 100644
--- a/series.conf
+++ b/series.conf
@@ -1689,6 +1689,7 @@
patches.suse/msft-hv-1436-Drivers-hv-balloon-Correctly-update-onlined-page-cou.patch
patches.suse/msft-hv-1437-Drivers-hv-balloon-Show-the-max-dynamic-memory-assig.patch
patches.suse/msft-hv-1438-Drivers-hv-balloon-Initialize-last_post_time-on-star.patch
+ patches.suse/msft-hv-1439-Drivers-hv-kvp-Use-MAX_ADAPTER_ID_SIZE-for-translati.patch
patches.suse/suse-hv-guest-os-id.patch
patches.suse/suse-hv-kvp_on_msg.dbg.patch