From mboxrd@z Thu Jan 1 00:00:00 1970
From: "David S. Miller"
Subject: Re: [PATCH] compat. ifconf: fix limits
Date: Wed, 08 Mar 2006 16:46:27 -0800 (PST)
Message-ID: <20060308.164627.81771250.davem@davemloft.net>
References: <20060308091608.c56360dd.rdunlap@xenotime.net>
Mime-Version: 1.0
Content-Type: Text/Plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Cc: netdev@vger.kernel.org, linux-fsdevel@vger.kernel.org, Alexandra.Kossovsky@oktetlabs.ru, ak@suse.de, akpm@osdl.org, torvalds@osdl.org
Return-path:
Received: from dsl027-180-168.sfo1.dsl.speakeasy.net ([216.27.180.168]:27599 "EHLO sunset.davemloft.net") by vger.kernel.org with ESMTP id S932660AbWCIAqj (ORCPT ); Wed, 8 Mar 2006 19:46:39 -0500
To: rdunlap@xenotime.net
In-Reply-To: <20060308091608.c56360dd.rdunlap@xenotime.net>
Sender: linux-fsdevel-owner@vger.kernel.org
List-Id: linux-fsdevel.vger.kernel.org

From: "Randy.Dunlap"
Date: Wed, 8 Mar 2006 09:16:08 -0800

> From: Randy Dunlap
>
> A recent change to compat. dev_ifconf() in fs/compat_ioctl.c
> causes ifconf data to be truncated 1 entry too early when copying it
> to userspace. The correct amount of data (length) is returned,
> but the final entry is empty (zero, not filled in).
> The for-loop 'i' check should use <= to allow the final struct
> ifreq32 to be copied. I also used the ifconf-corruption program
> in kernel bugzilla #4746 to make sure that this change does not
> re-introduce the corruption.
>
> Signed-off-by: Randy Dunlap

Good catch, applied. Thanks Randy.

Is this one relevant for -stable?
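
The off-by-one described in the quoted commit message, as an added user-space example that is not part of this thread or of the kernel source. `struct entry`, `copy_entries()` and `demo()` are hypothetical names, and the loop is a simplified model of a bounded copy of fixed-size records, not the code in fs/compat_ioctl.c.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical fixed-size record standing in for struct ifreq32. */
struct entry { char name[16]; unsigned int addr; };

/* Copy whole entries into a caller buffer of dst_len bytes.
 * strict != 0 models the '<' bound check, strict == 0 the '<=' check.
 * Returns how many entries were actually filled in. */
static size_t copy_entries(const struct entry *src, size_t nsrc,
                           unsigned char *dst, size_t dst_len, int strict)
{
    size_t i, n = 0;

    memset(dst, 0, dst_len);            /* unfilled slots stay zero */
    for (i = 0; n < nsrc; i += sizeof(struct entry), n++) {
        size_t end = i + sizeof(struct entry);
        int fits = strict ? (end < dst_len) : (end <= dst_len);

        if (!fits)
            break;                      /* never write past dst_len */
        memcpy(dst + i, &src[n], sizeof(struct entry));
    }
    return n;
}

/* Run the copy over three constructed entries (sample data). */
static size_t demo(size_t dst_len, int strict)
{
    static const struct entry src[3] = {
        { "lo", 1 }, { "eth0", 2 }, { "eth1", 3 }
    };
    unsigned char dst[4 * sizeof(struct entry)];

    if (dst_len > sizeof(dst))
        return 0;
    return copy_entries(src, 3, dst, dst_len, strict);
}

int main(void)
{
    size_t exact = 3 * sizeof(struct entry);

    printf("exact buffer, '<'  check: %zu entries\n", demo(exact, 1));
    printf("exact buffer, '<=' check: %zu entries\n", demo(exact, 0));
    printf("one byte short, '<=' check: %zu entries\n", demo(exact - 1, 0));
    return 0;
}
```

In this model the `<` check drops the last record only when the buffer length is an exact multiple of the entry size, and the `<=` check still refuses an entry that would not fit completely.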