Public bug reported:
Description: qeth: fix length check in SNMP processing
Symptom: Undefined behaviour.
Problem: The response for a SNMP request can consist of multiple parts,
which the cmd callback stages into a kernel buffer until all
parts have been received. If the callback detects that the
staging buffer provides insufficient space, it bails out with
error.
This processing is buggy for the first part of the response -
while it initially checks for a length of 'data_len', it later
copies an additional amount of
'offsetof(struct qeth_snmp_cmd, data)' bytes.
Solution: Fix the calculation of 'data_len' for the first part of the
response.
Upstream-ID: 9a764c1e59684c0358e16ccaafd870629f2cfe67
Should be applied to all Ubuntu Releases in Service
** Affects: linux (Ubuntu)
Importance: Undecided
Assignee: Skipper Bug Screeners (skipper-screen-team)
Status: New
** Tags: architecture-s39064 bugnameltc-173661 severity-high
targetmilestone-inin1810
** Tags added: architecture-s39064 bugnameltc-173661 severity-high
targetmilestone-inin1810
** Changed in: ubuntu
Assignee: (unassigned) => Skipper Bug Screeners (skipper-screen-team)
** Package changed: ubuntu => linux (Ubuntu)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1805802
Title:
[UBUNTU] qeth: fix length check in SNMP processing
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1805802/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
