diff options
author | Linus Torvalds <torvalds@linux-foundation.org> | 2014-01-31 17:14:35 +0100 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2014-01-31 17:14:35 +0100 |
commit | e30b82bbe098d9514ed0e9b5ec372daf7429e0f7 (patch) | |
tree | 3e6f2c6f5d519e166669c9689497043994461338 | |
parent | ceph: fix missing dput in ceph_set_acl (diff) | |
parent | jfs: fix xattr value size overflow in __jfs_setxattr (diff) | |
download | linux-e30b82bbe098d9514ed0e9b5ec372daf7429e0f7.tar.xz linux-e30b82bbe098d9514ed0e9b5ec372daf7429e0f7.zip |
Merge tag 'jfs-3.14' of git://github.com/kleikamp/linux-shaggy
Pull jfs fix from David Kleikamp:
"Minor bug fix for linux-3.14"
* tag 'jfs-3.14' of git://github.com/kleikamp/linux-shaggy:
jfs: fix xattr value size overflow in __jfs_setxattr
-rw-r--r-- | fs/jfs/xattr.c | 15 |
1 files changed, 14 insertions, 1 deletions
diff --git a/fs/jfs/xattr.c b/fs/jfs/xattr.c index 5324e4e2b992..3bd5ee45f7b3 100644 --- a/fs/jfs/xattr.c +++ b/fs/jfs/xattr.c @@ -791,6 +791,19 @@ int __jfs_setxattr(tid_t tid, struct inode *inode, const char *name, /* Completely new ea list */ xattr_size = sizeof (struct jfs_ea_list); + /* + * The size of EA value is limitted by on-disk format up to + * __le16, there would be an overflow if the size is equal + * to XATTR_SIZE_MAX (65536). In order to avoid this issue, + * we can pre-checkup the value size against USHRT_MAX, and + * return -E2BIG in this case, which is consistent with the + * VFS setxattr interface. + */ + if (value_len >= USHRT_MAX) { + rc = -E2BIG; + goto release; + } + ea = (struct jfs_ea *) ((char *) ealist + xattr_size); ea->flag = 0; ea->namelen = namelen; @@ -805,7 +818,7 @@ int __jfs_setxattr(tid_t tid, struct inode *inode, const char *name, /* DEBUG - If we did this right, these number match */ if (xattr_size != new_size) { printk(KERN_ERR - "jfs_xsetattr: xattr_size = %d, new_size = %d\n", + "__jfs_setxattr: xattr_size = %d, new_size = %d\n", xattr_size, new_size); rc = -EINVAL; |