From 5a09d19a9799291e6a125aacb0cd6451b37660f9 Mon Sep 17 00:00:00 2001
From: Sona Sarmadi
Date: Thu, 16 Jun 2016 09:47:10 +0200
Subject: kernel-cifs: CVE-2013-4247 Fix off-by-one bug in build_unc_path_to_root
Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4247
Reference to upstream fix: https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/
commit/?id=1fc29bacedeabb278080e31bb9c1ecb49f143c3b
Signed-off-by: Sona Sarmadi
Signed-off-by: Tudor Florea
---
 recipes-kernel/linux/files/fs-CVE-2013-4247.patch | 48 +++++++++++++++++++++++
 recipes-kernel/linux/linux-qoriq-sdk.bbappend | 1 +
 2 files changed, 49 insertions(+)
 create mode 100644 recipes-kernel/linux/files/fs-CVE-2013-4247.patch
diff --git a/recipes-kernel/linux/files/fs-CVE-2013-4247.patch b/recipes-kernel/linux/files/fs-CVE-2013-4247.patch
new file mode 100644
index 0000000..bee75b9
--- /dev/null
+++ b/recipes-kernel/linux/files/fs-CVE-2013-4247.patch
@@ -0,0 +1,48 @@
+From 1fc29bacedeabb278080e31bb9c1ecb49f143c3b Mon Sep 17 00:00:00 2001
+From: Jeff Layton
+Date: Fri, 31 May 2013 10:00:18 -0400
+Subject: cifs: fix off-by-one bug in build_unc_path_to_root
+
+commit 839db3d10a (cifs: fix up handling of prefixpath= option) changed
+the code such that the vol->prepath no longer contained a leading
+delimiter and then fixed up the places that accessed that field to
+account for that change.
+
+One spot in build_unc_path_to_root was missed however. When doing the
+pointer addition on pos, that patch failed to account for the fact that
+we had already incremented "pos" by one when adding the length of the
+prepath. This caused a buffer overrun by one byte.
+
+This patch fixes the problem by correcting the handling of "pos".
+
+CVE: CVE-2013-4247
+Upstream-Status: Backport
+
+Cc: # v3.8+
+Reported-by: Marcus Moeller
+Reported-by: Ken Fallon
+Signed-off-by: Jeff Layton
+Signed-off-by: Steve French
+Signed-off-by: Sona Sarmadi
+---
+ fs/cifs/connect.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/fs/cifs/connect.c b/fs/cifs/connect.c
+index 5b97e56..e3bc39b 100644
+--- a/fs/cifs/connect.c
++++ b/fs/cifs/connect.c
+@@ -3279,8 +3279,8 @@ build_unc_path_to_root(const struct smb_vol *vol,
+ pos = full_path + unc_len;
+
+ if (pplen) {
+- *pos++ = CIFS_DIR_SEP(cifs_sb);
+- strncpy(pos, vol->prepath, pplen);
++ *pos = CIFS_DIR_SEP(cifs_sb);
++ strncpy(pos + 1, vol->prepath, pplen);
+ pos += pplen;
+ }
+
+--
+cgit v0.12
+
diff --git a/recipes-kernel/linux/linux-qoriq-sdk.bbappend b/recipes-kernel/linux/linux-qoriq-sdk.bbappend
index 8007b41..6a5bfaa 100644
--- a/recipes-kernel/linux/linux-qoriq-sdk.bbappend
+++ b/recipes-kernel/linux/linux-qoriq-sdk.bbappend
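Review bot: The corrected lines `*pos = CIFS_DIR_SEP(cifs_sb);` / `strncpy(pos + 1, vol->prepath, pplen);` / `pos += pplen;` are only sufficient if full_path was allocated with room for unc_len + 1 + pplen plus a terminator, and neither that allocation nor the final NUL write is visible here: build_unc_path_to_root begins and ends outside the embedded hunk. The embedded diff is the verbatim upstream change pinned by `index 5b97e56..e3bc39b`, but it is being applied to a vendor SDK kernel, so a clean patch application on its own does not show that the surrounding allocation in the qoriq tree matches the upstream code the fix assumes; I would check that function in the target tree before treating the CVE as closed. It would help future audits to add one line under `Upstream-Status: Backport` in the patch header naming the kernel version the backport was verified against (for example `Verified against: <kernel version>` with the real value filled in).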
@@ -17,6 +17,7 @@ SRC_URI += "file://add-no-error-uninitialized.patch \
 file://HID_CVE_patches/0013-HID-picolcd_core-validate-output-report-details.patch \
 file://HID_CVE_patches/0014-HID-check-for-NULL-field-when-setting-values.patch \
 file://powerpc-fsl-booke64-Set-vmemmap_psize-to-4K.patch \
+ file://fs-CVE-2013-4247.patch \
 file://Fix-CVE-2014-3153.patch \
 file://CVE-2014-0196_n_tty_write_crash.patch \
 file://Fix-CVE-2014-5471_CVE-2014-5472.patch \
--
cgit v1.2.3-54-g00ecf