MIRRORS/linux-yocto
1
0
Fork 0
mirror of git://git.yoctoproject.org/linux-yocto.git synced 2025-10-22 23:13:01 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity

fanotify: sanitize handle_type values when reporting fid

Browse Source 
[ Upstream commit 8631e01c2c ]

Unlike file_handle, type and len of struct fanotify_fh are u8.
Traditionally, filesystem return handle_type < 0xff, but there
is no enforecement for that in vfs.

Add a sanity check in fanotify to avoid truncating handle_type
if its value is > 0xff.

Fixes: 7cdafe6cc4 ("exportfs: check for error return value from exportfs_encode_*()")
Signed-off-by: Amir Goldstein <amir73il@gmail.com>
Signed-off-by: Jan Kara <jack@suse.cz>
Link: https://patch.msgid.link/20250627104835.184495-1-amir73il@gmail.com
Signed-off-by: Sasha Levin <sashal@kernel.org>
This commit is contained in:
Amir Goldstein 2025-06-27 12:48:35 +02:00 committed by Greg Kroah-Hartman
parent faa05c6d5a
commit de07e11831
1 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
fs/notify/fanotify/fanotify.c
View File

@ -441,7 +441,13 @@ static int fanotify_encode_fh(struct fanotify_fh *fh, struct inode *inode,
dwords = fh_len >> 2; dwords = fh_len >> 2;
type = exportfs_encode_fid(inode, buf, &dwords); type = exportfs_encode_fid(inode, buf, &dwords);
err = -EINVAL; err = -EINVAL;
if (type <= 0 || type == FILEID_INVALID || fh_len != dwords << 2) /*
* Unlike file_handle, type and len of struct fanotify_fh are u8.
* Traditionally, filesystem return handle_type < 0xff, but there
* is no enforecement for that in vfs.
*/
BUILD_BUG_ON(MAX_HANDLE_SZ > 0xff || FILEID_INVALID > 0xff);
if (type <= 0 || type >= FILEID_INVALID || fh_len != dwords << 2)
goto out_err; goto out_err;
fh->type = type; fh->type = type;