Home Home > GIT Browse
summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMiroslav Benes <mbenes@suse.cz>2018-05-16 12:29:29 +0200
committerMiroslav Benes <mbenes@suse.cz>2018-05-16 12:29:29 +0200
commite1c344530d9e995dbaa420b703c35f02df040992 (patch)
tree351461731dcdd95f41684d37d2157dab1ac0eae6
parent45ecc0e6e19a4cdc19c5784b27a5b04c5a5e73b5 (diff)
parent93c3ee935e79bda46ac994e6be9f846be62d57d4 (diff)
Merge branch 'bsc#1085447_12.23' into SLE12-SP3_Update_2
-rw-r--r--bsc1085447/kgr_patch_bsc1085447.c8
1 files changed, 6 insertions, 2 deletions
diff --git a/bsc1085447/kgr_patch_bsc1085447.c b/bsc1085447/kgr_patch_bsc1085447.c
index 7dfa6ba..8fdce47 100644
--- a/bsc1085447/kgr_patch_bsc1085447.c
+++ b/bsc1085447/kgr_patch_bsc1085447.c
@@ -26,6 +26,7 @@
* a1dfb4c48cc1 ("media: v4l2-compat-ioctl32.c: refactor compat ioctl32 logic")
* 273caa260035 ("media: v4l2-compat-ioctl32.c: make ctrl_is_pointer work for
* subdevs")
+ * 85ea29f19eab ("media: v4l2-compat-ioctl32: don't oops on overlay")
*
* SLE12(-SP1) commits:
* a1cb4af5f1981b67c98c56a1ff9360d52a78db3d
@@ -47,6 +48,7 @@
*
* SLE12-SP3 commits:
* 8c5d5ef65b07d2a8f4288f01c3f25053a92a16f9 ("stable 4.4.116")
+ * 3363da225224f670d30b75b84f5d18bda20b32a6 ("stable 4.4.129")
*
* Copyright (c) 2018 SUSE
* Author: Nicolai Stange <nstange@suse.de>
@@ -369,9 +371,9 @@ static int kgr_put_v4l2_window32(struct v4l2_window __user *kp,
{
/*
* Fix CVE-2017-13166
- * -6 lines (all), +25 lines
+ * -6 lines (all), +27 lines
*/
- struct v4l2_clip __user *kclips = kp->clips;
+ struct v4l2_clip __user *kclips;
struct v4l2_clip32 __user *uclips;
compat_caddr_t p;
u32 clipcount;
@@ -386,6 +388,8 @@ static int kgr_put_v4l2_window32(struct v4l2_window __user *kp,
if (!clipcount)
return 0;
+ if (get_user(kclips, &kp->clips))
+ return -EFAULT;
if (get_user(p, &up->clips))
return -EFAULT;
uclips = compat_ptr(p);