dgit.raspbian.org Git - linux.git/commit

author	Jamie Hill-Daniel <jamie@hill-daniel.co.uk>
	Tue, 18 Jan 2022 07:06:04 +0000 (08:06 +0100)
committer	Salvatore Bonaccorso <carnil@debian.org>
	Tue, 18 Jan 2022 15:54:31 +0000 (15:54 +0000)
commit	4e15fe552c11e1447b7da28ab1dba6a1122da30d
tree	a2818ff563aca6f527b4b271c7e877357ebaa4bc	tree \| snapshot
parent	d726627ce2f81e545da9f05ad850fb68852a8bd8	commit \| diff

vfs: fs_context: fix up param length parsing in legacy_parse_param

Origin: https://git.kernel.org/linus/722d94847de29310e8aa03fcbdb41fc92c521756
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2022-0185

The "PAGE_SIZE - 2 - size" calculation in legacy_parse_param() is an
unsigned type so a large value of "size" results in a high positive
value instead of a negative value as expected. Fix this by getting rid
of the subtraction.

Signed-off-by: Jamie Hill-Daniel <jamie@hill-daniel.co.uk>
Signed-off-by: William Liu <willsroot@protonmail.com>
Tested-by: Salvatore Bonaccorso <carnil@debian.org>
Tested-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
Acked-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Gbp-Pq: Topic bugfix/all
Gbp-Pq: Name vfs-fs_context-fix-up-param-length-parsing-in-legacy.patch