[SRU][Bionic][Cosmic][Disco][PATCH 0/1] s390/qeth: fix length check in SNMP processing
Joseph Salisbury
joseph.salisbury at canonical.com
Fri Dec 14 16:48:17 UTC 2018
BugLink: https://bugs.launchpad.net/bugs/1805802
== SRU Justification ==
The response for a SNMP request can consist of multiple parts,
which the cmd callback stages into a kernel buffer until all
parts have been received. If the callback detects that the
staging buffer provides insufficient space, it bails out with
error.
This processing is buggy for the first part of the response -
while it initially checks for a length of 'data_len', it later
copies an additional amount of
'offsetof(struct qeth_snmp_cmd, data)' bytes.
== Fix ==
9a764c1e5968 ("s390/qeth: fix length check in SNMP processing")
== Regression Potential ==
Low. Changes limited to s390.
== Test Case ==
A test kernel was built with this patch and tested by the original bug reporter.
The bug reporter states the test kernel resolved the bug.
Julian Wiedmann (1):
s390/qeth: fix length check in SNMP processing
drivers/s390/net/qeth_core_main.c | 27 ++++++++++++---------------
1 file changed, 12 insertions(+), 15 deletions(-)
--
2.7.4
More information about the kernel-team
mailing list