[SRU][Bionic][Cosmic][Disco][PATCH 0/1] s390/qeth: fix length check in SNMP processing

Joseph Salisbury joseph.salisbury at canonical.com
Fri Dec 14 16:48:17 UTC 2018


BugLink: https://bugs.launchpad.net/bugs/1805802

== SRU Justification ==
The response for a SNMP request can consist of multiple parts,
              which the cmd callback stages into a kernel buffer until all
              parts have been received. If the callback detects that the
              staging buffer provides insufficient space, it bails out with
              error.
              This processing is buggy for the first part of the response -
              while it initially checks for a length of 'data_len', it later
              copies an additional amount of
              'offsetof(struct qeth_snmp_cmd, data)' bytes.


== Fix ==
9a764c1e5968 ("s390/qeth: fix length check in SNMP processing")

== Regression Potential ==
Low.  Changes limited to s390.

== Test Case ==
A test kernel was built with this patch and tested by the original bug reporter.
The bug reporter states the test kernel resolved the bug.

Julian Wiedmann (1):
  s390/qeth: fix length check in SNMP processing

 drivers/s390/net/qeth_core_main.c | 27 ++++++++++++---------------
 1 file changed, 12 insertions(+), 15 deletions(-)

-- 
2.7.4




More information about the kernel-team mailing list