aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLinus Torvalds2014-01-31 08:14:35 -0800
committerLinus Torvalds2014-01-31 08:14:35 -0800
commite30b82bbe098d9514ed0e9b5ec372daf7429e0f7 (patch)
tree3e6f2c6f5d519e166669c9689497043994461338
parent77516dc92a14bb3853df959c0cb3ef51e659f5af (diff)
parent0439e091e3b1fe41a350540c84857a573fde3d72 (diff)
Merge tag 'jfs-3.14' of git://github.com/kleikamp/linux-shaggy
Pull jfs fix from David Kleikamp: "Minor bug fix for linux-3.14" * tag 'jfs-3.14' of git://github.com/kleikamp/linux-shaggy: jfs: fix xattr value size overflow in __jfs_setxattr
-rw-r--r--fs/jfs/xattr.c15
1 files changed, 14 insertions, 1 deletions
diff --git a/fs/jfs/xattr.c b/fs/jfs/xattr.c
index 5324e4e2b992..3bd5ee45f7b3 100644
--- a/fs/jfs/xattr.c
+++ b/fs/jfs/xattr.c
@@ -791,6 +791,19 @@ int __jfs_setxattr(tid_t tid, struct inode *inode, const char *name,
/* Completely new ea list */
xattr_size = sizeof (struct jfs_ea_list);
+ /*
+ * The size of EA value is limitted by on-disk format up to
+ * __le16, there would be an overflow if the size is equal
+ * to XATTR_SIZE_MAX (65536). In order to avoid this issue,
+ * we can pre-checkup the value size against USHRT_MAX, and
+ * return -E2BIG in this case, which is consistent with the
+ * VFS setxattr interface.
+ */
+ if (value_len >= USHRT_MAX) {
+ rc = -E2BIG;
+ goto release;
+ }
+
ea = (struct jfs_ea *) ((char *) ealist + xattr_size);
ea->flag = 0;
ea->namelen = namelen;
@@ -805,7 +818,7 @@ int __jfs_setxattr(tid_t tid, struct inode *inode, const char *name,
/* DEBUG - If we did this right, these number match */
if (xattr_size != new_size) {
printk(KERN_ERR
- "jfs_xsetattr: xattr_size = %d, new_size = %d\n",
+ "__jfs_setxattr: xattr_size = %d, new_size = %d\n",
xattr_size, new_size);
rc = -EINVAL;