)]}'
{
  "commit": "90f9cb724d38bf4ac4e355d19b1ee697dceea021",
  "tree": "c40e362d46c39e709d42f94b8a53ee35ed3cb78b",
  "parents": [
    "9ea2c02bafe276e97b592a046ac733610a6d57fd"
  ],
  "author": {
    "name": "Zach Brown",
    "email": "zab@redhat.com",
    "time": "Tue Jul 24 12:10:11 2012 -0700"
  },
  "committer": {
    "name": "Greg Kroah-Hartman",
    "email": "gregkh@linuxfoundation.org",
    "time": "Sun Aug 26 15:00:39 2012 -0700"
  },
  "message": "fuse: verify all ioctl retry iov elements\n\ncommit fb6ccff667712c46b4501b920ea73a326e49626a upstream.\n\nCommit 7572777eef78ebdee1ecb7c258c0ef94d35bad16 attempted to verify that\nthe total iovec from the client doesn\u0027t overflow iov_length() but it\nonly checked the first element.  The iovec could still overflow by\nstarting with a small element.  The obvious fix is to check all the\nelements.\n\nThe overflow case doesn\u0027t look dangerous to the kernel as the copy is\nlimited by the length after the overflow.  This fix restores the\nintention of returning an error instead of successfully copying less\nthan the iovec represented.\n\nI found this by code inspection.  I built it but don\u0027t have a test case.\nI\u0027m cc:ing stable because the initial commit did as well.\n\nSigned-off-by: Zach Brown \u003czab@redhat.com\u003e\nSigned-off-by: Miklos Szeredi \u003cmszeredi@suse.cz\u003e\nSigned-off-by: Greg Kroah-Hartman \u003cgregkh@linuxfoundation.org\u003e\n\n",
  "tree_diff": [
    {
      "type": "modify",
      "old_id": "504e61b7fd7515f8aafe7e3b9edd2c9fa42fd91d",
      "old_mode": 33188,
      "old_path": "fs/fuse/file.c",
      "new_id": "8e6381a14265025764c69d183f17ef7446939d3d",
      "new_mode": 33188,
      "new_path": "fs/fuse/file.c"
    }
  ]
}
