dgit.raspbian.org Git - linux.git/commit

author	Jamie Hill-Daniel <jamie@hill-daniel.co.uk>
	Tue, 18 Jan 2022 07:06:04 +0000 (08:06 +0100)
committer	Salvatore Bonaccorso <carnil@debian.org>
	Mon, 28 Feb 2022 11:23:03 +0000 (11:23 +0000)
commit	3115ee6e1fa09d622894ceb65bb6b127c70251da
tree	36eb08d11b4dff397234524aa1706d323012b27d	tree \| snapshot
parent	80947d0e305082c447fae5199d7ca351f1feded9	commit \| diff

vfs: fs_context: fix up param length parsing in legacy_parse_param

Origin: https://git.kernel.org/linus/722d94847de29310e8aa03fcbdb41fc92c521756
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2022-0185

The "PAGE_SIZE - 2 - size" calculation in legacy_parse_param() is an
unsigned type so a large value of "size" results in a high positive
value instead of a negative value as expected. Fix this by getting rid
of the subtraction.

Signed-off-by: Jamie Hill-Daniel <jamie@hill-daniel.co.uk>
Signed-off-by: William Liu <willsroot@protonmail.com>
Tested-by: Salvatore Bonaccorso <carnil@debian.org>
Tested-by: Thadeu Lima de Souza Cascardo <cascardo@canonical.com>
Acked-by: Dan Carpenter <dan.carpenter@oracle.com>
Acked-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Gbp-Pq: Topic bugfix/all
Gbp-Pq: Name vfs-fs_context-fix-up-param-length-parsing-in-legacy.patch