From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail.linuxfoundation.org ([140.211.169.12]:35192 "EHLO mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751638AbcIINpX (ORCPT ); Fri, 9 Sep 2016 09:45:23 -0400 Subject: Patch "[PATCH 135/135] tipc: fix nl compat regression for link statistics" has been added to the 4.4-stable tree To: richard.alpe@ericsson.com, alexander.levin@verizon.com, davem@davemloft.net, gregkh@linuxfoundation.org Cc: , From: Date: Fri, 09 Sep 2016 15:38:49 +0200 Message-ID: <147342832919697@kroah.com> MIME-Version: 1.0 Content-Type: text/plain; charset=ANSI_X3.4-1968 Content-Transfer-Encoding: 8bit Sender: stable-owner@vger.kernel.org List-ID: This is a note to let you know that I've just added the patch titled [PATCH 135/135] tipc: fix nl compat regression for link statistics to the 4.4-stable tree which can be found at: http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary The filename of the patch is: 0135-tipc-fix-nl-compat-regression-for-link-statistics.patch and it can be found in the queue-4.4 subdirectory. If you, or anyone else, feels it should not be added to the stable tree, please let know about it. >>From 20521e346df27f4e9d07984e024bf8aad1c9878b Mon Sep 17 00:00:00 2001 From: Richard Alpe Date: Thu, 14 Jul 2016 15:02:07 +0100 Subject: [PATCH 135/135] tipc: fix nl compat regression for link statistics [ Upstream commit 55e77a3e8297581c919b45adcc4d0815b69afa84 ] Fix incorrect use of nla_strlcpy() where the first NLA_HDRLEN bytes of the link name where left out. Making the output of tipc-config -ls look something like: Link statistics: dcast-link 1:data0-1.1.2:data0 1:data0-1.1.3:data0 Also, for the record, the patch that introduce this regression claims "Sending the whole object out can cause a leak". Which isn't very likely as this is a compat layer, where the data we are parsing is generated by us and we know the string to be NULL terminated. But you can of course never be to secure. Fixes: 5d2be1422e02 (tipc: fix an infoleak in tipc_nl_compat_link_dump) Signed-off-by: Richard Alpe Signed-off-by: David S. Miller Signed-off-by: Sasha Levin Signed-off-by: Greg Kroah-Hartman --- net/tipc/netlink_compat.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) --- a/net/tipc/netlink_compat.c +++ b/net/tipc/netlink_compat.c @@ -574,7 +574,7 @@ static int tipc_nl_compat_link_dump(stru link_info.dest = nla_get_flag(link[TIPC_NLA_LINK_DEST]); link_info.up = htonl(nla_get_flag(link[TIPC_NLA_LINK_UP])); - nla_strlcpy(link_info.str, nla_data(link[TIPC_NLA_LINK_NAME]), + nla_strlcpy(link_info.str, link[TIPC_NLA_LINK_NAME], TIPC_MAX_LINK_NAME); return tipc_add_tlv(msg->rep, TIPC_TLV_LINK_INFO, Patches currently in stable-queue which might be from richard.alpe@ericsson.com are queue-4.4/0135-tipc-fix-nl-compat-regression-for-link-statistics.patch