[Utopic][Vivid][PATCH 0/1] n_tty: Fix read buffer overwrite when no newline
Joseph Salisbury
joseph.salisbury at canonical.com
Wed Apr 15 17:56:40 UTC 2015
BugLink: http://bugs.launchpad.net/bugs/1381005
== Utopic and Vivid SRU Justification ==
Long stdin from terminal (>4096 characters) can result in code execution.
Under certain conditions, the input entered from a terminal with a foreground
process waiting for stdin, can be interpreted and executed by the shell.
Instead of reading the input, the current program exits (read() only reads one
character before EOF) and the shell executes the same input starting from the
second character.
This bug was introduced in v3.12-rc1 when mainline commit 24a89d1 was applied.
Mainline commit fb5ef9e which was introduced in v4.0-rc1 resolves this bug.
This commit does not cherry-pick cleanly, so I performed a backport for
Utopic and Vivid. Trusty cannot use the backport of fb5ef9e7
because smp_load_acquire was not introduced until 3.14-rc1. I'll look into
an alternative way that this bug could be fixed in Trusty.
I also submitted my backport for inclusion in the v3.14.y, v3.16.y-ckt, v3.18.y,
v3.19.y upstream stable kernels. Not requested in upstream v3.12.y or v3.13.y-ckt
again because smp_load_acquire was not introduced until 3.14-rc1, so an entirely
different fix is needed for those versions.
== Fix ==
commit fb5ef9e7da39968fec6d6f37f20a23d23740c75e
Author: Peter Hurley <peter at hurleysoftware.com>
Date: Fri Jan 16 15:05:39 2015 -0500
n_tty: Fix read buffer overwrite when no newline
== Test Case ==
A test kernel was built with this patch and tested by myself and another bug
commenter. The bug reporter states the test kernel resolved the bug.
Peter Hurley (1):
n_tty: Fix read buffer overwrite when no newline
drivers/tty/n_tty.c | 108 +++++++++++++++++++++++++++++++++++++++-------------
1 file changed, 81 insertions(+), 27 deletions(-)
--
2.1.0