[<prev] [next>] [day] [month] [year] [list]
Message-Id: <20160912152130.159329947@linuxfoundation.org>
Date: Mon, 12 Sep 2016 17:29:53 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-kernel@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
stable@...r.kernel.org, Miklos Szeredi <mszeredi@...hat.com>
Subject: [PATCH 4.7 33/59] ovl: listxattr: use strnlen()
4.7-stable review patch. If anyone has any objections, please let me know.
------------------
From: Miklos Szeredi <mszeredi@...hat.com>
commit 7cb35119d067191ce9ebc380a599db0b03cbd9d9 upstream.
Be defensive about what underlying fs provides us in the returned xattr
list buffer. If it's not properly null terminated, bail out with a warning
insead of BUG.
Signed-off-by: Miklos Szeredi <mszeredi@...hat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
---
fs/overlayfs/inode.c | 17 ++++++++++-------
1 file changed, 10 insertions(+), 7 deletions(-)
--- a/fs/overlayfs/inode.c
+++ b/fs/overlayfs/inode.c
@@ -279,24 +279,27 @@ ssize_t ovl_listxattr(struct dentry *den
{
struct dentry *realdentry = ovl_dentry_real(dentry);
ssize_t res;
- int off;
+ size_t len;
+ char *s;
res = vfs_listxattr(realdentry, list, size);
if (res <= 0 || size == 0)
return res;
/* filter out private xattrs */
- for (off = 0; off < res;) {
- char *s = list + off;
- size_t slen = strlen(s) + 1;
+ for (s = list, len = res; len;) {
+ size_t slen = strnlen(s, len) + 1;
- BUG_ON(off + slen > res);
+ /* underlying fs providing us with an broken xattr list? */
+ if (WARN_ON(slen > len))
+ return -EIO;
+ len -= slen;
if (ovl_is_private_xattr(s)) {
res -= slen;
- memmove(s, s + slen, res - off);
+ memmove(s, s + slen, len);
} else {
- off += slen;
+ s += slen;
}
}
Powered by blists - more mailing lists