32 patches

added patches:
	hfs-add-sanity-check-for-file-name-length.patch

2 files changed, 33 insertions, 0 deletions

diff --git a/queue-2.6.32/hfs-add-sanity-check-for-file-name-length.patch b/queue-2.6.32/hfs-add-sanity-check-for-file-name-length.patch
new file mode 100644
index 0000000..ac81a10
--- /dev/null
+++ b/queue-2.6.32/hfs-add-sanity-check-for-file-name-length.patch
@@ -0,0 +1,32 @@
+From bc5b8a9003132ae44559edd63a1623b7b99dfb68 Mon Sep 17 00:00:00 2001
+From: Dan Carpenter <dan.carpenter@oracle.com>
+Date: Mon, 14 Nov 2011 17:52:08 +0300
+Subject: hfs: add sanity check for file name length
+
+From: Dan Carpenter <dan.carpenter@oracle.com>
+
+commit bc5b8a9003132ae44559edd63a1623b7b99dfb68 upstream.
+
+On a corrupted file system the ->len field could be wrong leading to
+a buffer overflow.
+
+Reported-and-acked-by: Clement LECIGNE <clement.lecigne@netasq.com>
+Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
+
+---
+ fs/hfs/trans.c |    2 ++
+ 1 file changed, 2 insertions(+)
+
+--- a/fs/hfs/trans.c
++++ b/fs/hfs/trans.c
+@@ -40,6 +40,8 @@ int hfs_mac2asc(struct super_block *sb,
+ 
+ 	src = in->name;
+ 	srclen = in->len;
++	if (srclen > HFS_NAMELEN)
++		srclen = HFS_NAMELEN;
+ 	dst = out;
+ 	dstlen = HFS_MAX_NAMELEN;
+ 	if (nls_io) {
diff --git a/queue-2.6.32/series b/queue-2.6.32/series
index 79dc596..4e7b379 100644
--- a/queue-2.6.32/series
+++ b/queue-2.6.32/series
@@ -4,3 +4,4 @@ nfs-sunrpc-don-t-use-a-credential-with-extra-groups.patch
 netlink-validate-nla_msecs-length.patch
 mtd-mtdchar-add-missing-initializer-on-raw-write.patch
 pm-suspend-off-by-one-in-pm_suspend.patch
+hfs-add-sanity-check-for-file-name-length.patch