From b509d4c613892411220757adfb0b85985ddc7f2a Mon Sep 17 00:00:00 2001
From: Ben Hutchings
Date: Sun, 4 Oct 2009 23:37:40 +0000
Subject: [PATCH] nfs: Avoid overrun when copying client IP address string (Closes: #549002)
svn path=/dists/trunk/linux-2.6/; revision=14334
---
 debian/changelog | 2 ++
 ...-nfs-avoid-overrun-copying-client-ip.patch | 25 +++++++++++++++++++
 debian/patches/series/base | 1 +
 3 files changed, 28 insertions(+)
 create mode 100644 debian/patches/bugfix/all/fs-nfs-avoid-overrun-copying-client-ip.patch
diff --git a/debian/changelog b/debian/changelog
index 835b459f0..5277a0110 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -6,6 +6,8 @@ linux-2.6 (2.6.31-1~experimental.2) UNRELEASED; urgency=low
 - Firmware package status
 - Network configuration and status (optional)
 - USB device list
+ * nfs: Avoid overrun when copying client IP address string
+ (Closes: #549002)
 -- Ben Hutchings Sun, 04 Oct 2009 19:48:35 +0100
diff --git a/debian/patches/bugfix/all/fs-nfs-avoid-overrun-copying-client-ip.patch b/debian/patches/bugfix/all/fs-nfs-avoid-overrun-copying-client-ip.patch
new file mode 100644
index 000000000..f06a210e2
--- /dev/null
+++ b/debian/patches/bugfix/all/fs-nfs-avoid-overrun-copying-client-ip.patch
@@ -0,0 +1,25 @@
+From: Ben Hutchings
+Date: Sun, 04 Oct 2009 14:25:50 +0100
+Subject: [PATCH] nfs: Avoid overrun when copying client IP address string
+
+As seen in , nfs4_init_client() can
+overrun the source string when copying the client IP address from
+nfs_parsed_mount_data::client_address to nfs_client::cl_ipaddr. Since
+these are both treated as null-terminated strings elsewhere, the copy
+should be done with strlcpy() not memcpy().
+
+Signed-off-by: Ben Hutchings
+---
+diff --git a/fs/nfs/client.c b/fs/nfs/client.c
+index 75c9cd2..f525a2f 100644
+--- a/fs/nfs/client.c
++++ b/fs/nfs/client.c
+@@ -1073,7 +1073,7 @@ static int nfs4_init_client(struct nfs_client *clp,
+ 1, flags & NFS_MOUNT_NORESVPORT);
+ if (error < 0)
+ goto error;
+- memcpy(clp->cl_ipaddr, ip_addr, sizeof(clp->cl_ipaddr));
++ strlcpy(clp->cl_ipaddr, ip_addr, sizeof(clp->cl_ipaddr));
+
+ error = nfs_idmap_new(clp);
+ if (error < 0) {
diff --git a/debian/patches/series/base b/debian/patches/series/base
index 94a0b82e7..5296dcf9c 100644
--- a/debian/patches/series/base
+++ b/debian/patches/series/base
@@ -37,3 +37,4 @@
 + bugfix/x86/fix-alternatives-on-486.patch
 + bugfix/x86/fix-i8xx-agp-flush.patch
 + bugfix/all/stable/2.6.31.1.patch
++ bugfix/all/fs-nfs-avoid-overrun-copying-client-ip.patch
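Review bot: The `strlcpy()` call added in the embedded fs/nfs/client.c hunk (in the new fs-nfs-avoid-overrun-copying-client-ip.patch) discards its return value, so a client address longer than `clp->cl_ipaddr` is now truncated silently instead of being rejected. Nothing visible in the hunk shows the length of `ip_addr` being validated beforehand, so it may be worth failing with an error such as -EINVAL when truncation occurs: `if (strlcpy(clp->cl_ipaddr, ip_addr, sizeof(clp->cl_ipaddr)) >= sizeof(clp->cl_ipaddr)) { error = -EINVAL; goto error; }`. Note also that strlcpy() still reads the source up to its terminator to compute the return value, so the fix depends on `ip_addr` always being NUL-terminated, as the description asserts. nfs4_init_client() begins and ends outside the hunk, so what the `error` label unwinds could not be checked here.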