DivestOS/Patches/Linux_CVEs-New/CVE-2017-7187/ANY/1.patch
2017-10-29 14:23:02 -04:00

55 lines
8.4 KiB
Diff

<!DOCTYPE html>
<html lang='en'>
<head>
<title>kernel/git/torvalds/linux.git - Linux kernel source tree</title>
<meta name='generator' content='cgit v1.1'/>
<meta name='robots' content='noindex, nofollow'/>
<link rel='stylesheet' type='text/css' href='/cgit-data/cgit.css'/>
<link rel='shortcut icon' href='/favicon.ico'/>
<link rel='alternate' title='Atom feed' href='http://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/atom/?h=master' type='application/atom+xml'/>
<link rel='vcs-git' href='git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git' title='kernel/git/torvalds/linux.git Git repository'/>
<link rel='vcs-git' href='https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git' title='kernel/git/torvalds/linux.git Git repository'/>
<link rel='vcs-git' href='https://kernel.googlesource.com/pub/scm/linux/kernel/git/torvalds/linux.git' title='kernel/git/torvalds/linux.git Git repository'/>
</head>
<body>
<div id='cgit'><table id='header'>
<tr>
<td class='logo' rowspan='2'><a href='/'><img src='/cgit-data/cgit.png' alt='cgit logo'/></a></td>
<td class='main'><a href='/'>index</a> : <a title='kernel/git/torvalds/linux.git' href='/pub/scm/linux/kernel/git/torvalds/linux.git/'>kernel/git/torvalds/linux.git</a></td><td class='form'><form method='get'>
<input type='hidden' name='id' value='bf33f87dd04c371ea33feb821b60d63d754e3124'/><select name='h' onchange='this.form.submit();'>
<option value='master' selected='selected'>master</option>
</select> <input type='submit' value='switch'/></form></td></tr>
<tr><td class='sub'>Linux kernel source tree</td><td class='sub right'>Linus Torvalds</td></tr></table>
<table class='tabs'><tr><td>
<a href='/pub/scm/linux/kernel/git/torvalds/linux.git/about/'>about</a><a href='/pub/scm/linux/kernel/git/torvalds/linux.git/'>summary</a><a href='/pub/scm/linux/kernel/git/torvalds/linux.git/refs/?id=bf33f87dd04c371ea33feb821b60d63d754e3124'>refs</a><a href='/pub/scm/linux/kernel/git/torvalds/linux.git/log/'>log</a><a href='/pub/scm/linux/kernel/git/torvalds/linux.git/tree/?id=bf33f87dd04c371ea33feb821b60d63d754e3124'>tree</a><a class='active' href='/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=bf33f87dd04c371ea33feb821b60d63d754e3124'>commit</a><a href='/pub/scm/linux/kernel/git/torvalds/linux.git/diff/?id=bf33f87dd04c371ea33feb821b60d63d754e3124'>diff</a><a href='/pub/scm/linux/kernel/git/torvalds/linux.git/stats/'>stats</a></td><td class='form'><form class='right' method='get' action='/pub/scm/linux/kernel/git/torvalds/linux.git/log/'>
<input type='hidden' name='id' value='bf33f87dd04c371ea33feb821b60d63d754e3124'/><select name='qt'>
<option value='grep'>log msg</option>
<option value='author'>author</option>
<option value='committer'>committer</option>
<option value='range'>range</option>
</select>
<input class='txt' type='text' size='10' name='q' value=''/>
<input type='submit' value='search'/>
</form>
</td></tr></table>
<div class='content'><div class='cgit-panel'><b>diff options</b><form method='get'><input type='hidden' name='id' value='bf33f87dd04c371ea33feb821b60d63d754e3124'/><table><tr><td colspan='2'/></tr><tr><td class='label'>context:</td><td class='ctrl'><select name='context' onchange='this.form.submit();'><option value='1'>1</option><option value='2'>2</option><option value='3' selected='selected'>3</option><option value='4'>4</option><option value='5'>5</option><option value='6'>6</option><option value='7'>7</option><option value='8'>8</option><option value='9'>9</option><option value='10'>10</option><option value='15'>15</option><option value='20'>20</option><option value='25'>25</option><option value='30'>30</option><option value='35'>35</option><option value='40'>40</option></select></td></tr><tr><td class='label'>space:</td><td class='ctrl'><select name='ignorews' onchange='this.form.submit();'><option value='0' selected='selected'>include</option><option value='1'>ignore</option></select></td></tr><tr><td class='label'>mode:</td><td class='ctrl'><select name='dt' onchange='this.form.submit();'><option value='0' selected='selected'>unified</option><option value='1'>ssdiff</option><option value='2'>stat only</option></select></td></tr><tr><td/><td class='ctrl'><noscript><input type='submit' value='reload'/></noscript></td></tr></table></form></div><table summary='commit info' class='commit-info'>
<tr><th>author</th><td><span class='libravatar'><img class='inline' src='//seccdn.libravatar.org/avatar/4eec58130038acd6aaabcca082619069?s=13&amp;d=retro' /><img class='onhover' src='//seccdn.libravatar.org/avatar/4eec58130038acd6aaabcca082619069?s=128&amp;d=retro' /></span>peter chang &lt;dpf@google.com&gt;</td><td class='right'>2017-02-15 14:11:54 -0800</td></tr>
<tr><th>committer</th><td><span class='libravatar'><img class='inline' src='//seccdn.libravatar.org/avatar/5fa3a7a6a7d7cc494ebd696ac297e701?s=13&amp;d=retro' /><img class='onhover' src='//seccdn.libravatar.org/avatar/5fa3a7a6a7d7cc494ebd696ac297e701?s=128&amp;d=retro' /></span>Martin K. Petersen &lt;martin.petersen@oracle.com&gt;</td><td class='right'>2017-03-16 19:46:33 -0400</td></tr>
<tr><th>commit</th><td colspan='2' class='sha1'><a href='/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=bf33f87dd04c371ea33feb821b60d63d754e3124'>bf33f87dd04c371ea33feb821b60d63d754e3124</a> (<a href='/pub/scm/linux/kernel/git/torvalds/linux.git/patch/?id=bf33f87dd04c371ea33feb821b60d63d754e3124'>patch</a>)</td></tr>
<tr><th>tree</th><td colspan='2' class='sha1'><a href='/pub/scm/linux/kernel/git/torvalds/linux.git/tree/?id=bf33f87dd04c371ea33feb821b60d63d754e3124'>4207379ccff4dd625ff04a3cbc44fddfe819fac9</a></td></tr>
<tr><th>parent</th><td colspan='2' class='sha1'><a href='/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=645b8ef5943f95b74240568105ce2be21c6640b4'>645b8ef5943f95b74240568105ce2be21c6640b4</a> (<a href='/pub/scm/linux/kernel/git/torvalds/linux.git/diff/?id=bf33f87dd04c371ea33feb821b60d63d754e3124&amp;id2=645b8ef5943f95b74240568105ce2be21c6640b4'>diff</a>)</td></tr><tr><th>download</th><td colspan='2' class='sha1'><a href='/pub/scm/linux/kernel/git/torvalds/linux.git/snapshot/linux-bf33f87dd04c371ea33feb821b60d63d754e3124.tar.gz'>linux-bf33f87dd04c371ea33feb821b60d63d754e3124.tar.gz</a><br/></td></tr></table>
<div class='commit-subject'>scsi: sg: check length passed to SG_NEXT_CMD_LEN</div><div class='commit-msg'>The user can control the size of the next command passed along, but the
value passed to the ioctl isn't checked against the usable max command
size.
Cc: &lt;stable@vger.kernel.org&gt;
Signed-off-by: Peter Chang &lt;dpf@google.com&gt;
Acked-by: Douglas Gilbert &lt;dgilbert@interlog.com&gt;
Signed-off-by: Martin K. Petersen &lt;martin.petersen@oracle.com&gt;
</div><div class='diffstat-header'><a href='/pub/scm/linux/kernel/git/torvalds/linux.git/diff/?id=bf33f87dd04c371ea33feb821b60d63d754e3124'>Diffstat</a></div><table summary='diffstat' class='diffstat'><tr><td class='mode'>-rw-r--r--</td><td class='upd'><a href='/pub/scm/linux/kernel/git/torvalds/linux.git/diff/drivers/scsi/sg.c?id=bf33f87dd04c371ea33feb821b60d63d754e3124'>drivers/scsi/sg.c</a></td><td class='right'>2</td><td class='graph'><table summary='file diffstat' width='2%'><tr><td class='add' style='width: 100.0%;'/><td class='rem' style='width: 0.0%;'/><td class='none' style='width: 0.0%;'/></tr></table></td></tr>
</table><div class='diffstat-summary'>1 files changed, 2 insertions, 0 deletions</div><table summary='diff' class='diff'><tr><td><div class='head'>diff --git a/drivers/scsi/sg.c b/drivers/scsi/sg.c<br/>index e831e01..849ff810 100644<br/>--- a/<a href='/pub/scm/linux/kernel/git/torvalds/linux.git/tree/drivers/scsi/sg.c?id=645b8ef5943f95b74240568105ce2be21c6640b4'>drivers/scsi/sg.c</a><br/>+++ b/<a href='/pub/scm/linux/kernel/git/torvalds/linux.git/tree/drivers/scsi/sg.c?id=bf33f87dd04c371ea33feb821b60d63d754e3124'>drivers/scsi/sg.c</a></div><div class='hunk'>@@ -996,6 +996,8 @@ sg_ioctl(struct file *filp, unsigned int cmd_in, unsigned long arg)</div><div class='ctx'> result = get_user(val, ip);</div><div class='ctx'> if (result)</div><div class='ctx'> return result;</div><div class='add'>+ if (val &gt; SG_MAX_CDB_SIZE)</div><div class='add'>+ return -ENOMEM;</div><div class='ctx'> sfp-&gt;next_cmd_len = (val &gt; 0) ? val : 0;</div><div class='ctx'> return 0;</div><div class='ctx'> case SG_GET_VERSION_NUM:</div></td></tr></table></div> <!-- class=content -->
<div class='footer'>generated by <a href='https://git.zx2c4.com/cgit/about/'>cgit v1.1</a> at 2017-10-29 18:19:16 +0000</div>
</div> <!-- id=cgit -->
</body>
</html>