mirror of
https://github.com/nxp-imx/linux-imx.git
synced 2025-07-12 12:25:18 +02:00
jfs: don't walk off the end of ealist
commit d0fa70aca5 upstream.
Add a check before visiting the members of ea to
make sure each ea stays within the ealist.
Signed-off-by: lei lu <llfamsec@gmail.com>
Signed-off-by: Dave Kleikamp <dave.kleikamp@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This commit is contained in:
lei lu
Greg Kroah-Hartman
parent
e05a24289d
commit
17440dbc66
|
|
@ -797,7 +797,7 @@ ssize_t __jfs_getxattr(struct inode *inode, const char *name, void *data,
|
||||||
size_t buf_size)
|
size_t buf_size)
|
||||||
{
|
{
|
||||||
struct jfs_ea_list *ealist;
|
struct jfs_ea_list *ealist;
|
||||||
struct jfs_ea *ea;
|
struct jfs_ea *ea, *ealist_end;
|
||||||
struct ea_buffer ea_buf;
|
struct ea_buffer ea_buf;
|
||||||
int xattr_size;
|
int xattr_size;
|
||||||
ssize_t size;
|
ssize_t size;
|
||||||
|
|
@ -817,9 +817,16 @@ ssize_t __jfs_getxattr(struct inode *inode, const char *name, void *data,
|
||||||
goto not_found;
|
goto not_found;
|
||||||
|
|
||||||
ealist = (struct jfs_ea_list *) ea_buf.xattr;
|
ealist = (struct jfs_ea_list *) ea_buf.xattr;
|
||||||
|
ealist_end = END_EALIST(ealist);
|
||||||
|
|
||||||
/* Find the named attribute */
|
/* Find the named attribute */
|
||||||
for (ea = FIRST_EA(ealist); ea < END_EALIST(ealist); ea = NEXT_EA(ea))
|
for (ea = FIRST_EA(ealist); ea < ealist_end; ea = NEXT_EA(ea)) {
|
||||||
|
if (unlikely(ea + 1 > ealist_end) ||
|
||||||
|
unlikely(NEXT_EA(ea) > ealist_end)) {
|
||||||
|
size = -EUCLEAN;
|
||||||
|
goto release;
|
||||||
|
}
|
||||||
|
|
||||||
if ((namelen == ea->namelen) &&
|
if ((namelen == ea->namelen) &&
|
||||||
memcmp(name, ea->name, namelen) == 0) {
|
memcmp(name, ea->name, namelen) == 0) {
|
||||||
/* Found it */
|
/* Found it */
|
||||||
|
|
@ -834,6 +841,7 @@ ssize_t __jfs_getxattr(struct inode *inode, const char *name, void *data,
|
||||||
memcpy(data, value, size);
|
memcpy(data, value, size);
|
||||||
goto release;
|
goto release;
|
||||||
}
|
}
|
||||||
|
}
|
||||||
not_found:
|
not_found:
|
||||||
size = -ENODATA;
|
size = -ENODATA;
|
||||||
release:
|
release:
|
||||||
|
|
@ -861,7 +869,7 @@ ssize_t jfs_listxattr(struct dentry * dentry, char *data, size_t buf_size)
|
||||||
ssize_t size = 0;
|
ssize_t size = 0;
|
||||||
int xattr_size;
|
int xattr_size;
|
||||||
struct jfs_ea_list *ealist;
|
struct jfs_ea_list *ealist;
|
||||||
struct jfs_ea *ea;
|
struct jfs_ea *ea, *ealist_end;
|
||||||
struct ea_buffer ea_buf;
|
struct ea_buffer ea_buf;
|
||||||
|
|
||||||
down_read(&JFS_IP(inode)->xattr_sem);
|
down_read(&JFS_IP(inode)->xattr_sem);
|
||||||
|
|
@ -876,9 +884,16 @@ ssize_t jfs_listxattr(struct dentry * dentry, char *data, size_t buf_size)
|
||||||
goto release;
|
goto release;
|
||||||
|
|
||||||
ealist = (struct jfs_ea_list *) ea_buf.xattr;
|
ealist = (struct jfs_ea_list *) ea_buf.xattr;
|
||||||
|
ealist_end = END_EALIST(ealist);
|
||||||
|
|
||||||
/* compute required size of list */
|
/* compute required size of list */
|
||||||
for (ea = FIRST_EA(ealist); ea < END_EALIST(ealist); ea = NEXT_EA(ea)) {
|
for (ea = FIRST_EA(ealist); ea < ealist_end; ea = NEXT_EA(ea)) {
|
||||||
|
if (unlikely(ea + 1 > ealist_end) ||
|
||||||
|
unlikely(NEXT_EA(ea) > ealist_end)) {
|
||||||
|
size = -EUCLEAN;
|
||||||
|
goto release;
|
||||||
|
}
|
||||||
|
|
||||||
if (can_list(ea))
|
if (can_list(ea))
|
||||||
size += name_size(ea) + 1;
|
size += name_size(ea) + 1;
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue
Block a user