[PATCH 3.2 110/164] x86_64: Fix strnlen_user() to not touch memory after specified maximum

[Ben Hutchings]

3.2.70-rc1 review patch.  If anyone has any objections, please let me know.

------------------

From: Ben Hutchings <ben@xxxxxxxxxxxxxxx>

Inspired by commit f18c34e483ff ("lib: Fix strnlen_user() to not touch
memory after specified maximum") upstream.  This version of
strnlen_user(), no longer present upstream, has a similar off-by-one
error.

Signed-off-by: Ben Hutchings <ben@xxxxxxxxxxxxxxx>
Cc: Jan Kara <jack@xxxxxxx>
---
--- a/arch/x86/lib/usercopy_64.c
+++ b/arch/x86/lib/usercopy_64.c
@@ -113,7 +113,7 @@ long __strnlen_user(const char __user *s
 	char c;
 
 	while (1) {
-		if (res>n)
+		if (res >= n)
 			return n+1;
 		if (__get_user(c, s))
 			return 0;

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/