xfs
[Top] [All Lists]

[PATCH 2/4] xfs: validate acl count

To: xfs@xxxxxxxxxxx
Subject: [PATCH 2/4] xfs: validate acl count
From: Christoph Hellwig <hch@xxxxxxxxxxxxx>
Date: Mon, 28 Nov 2011 03:17:34 -0500
References: <20111128081732.350228200@xxxxxxxxxxxxxxxxxxxxxx>
User-agent: quilt/0.48-1
This prevents in-memory corruption and possible panics if the on-disk
ACL is badly corrupted.

Signed-off-by: Christoph Hellwig <hch@xxxxxx>

Index: xfs/fs/xfs/xfs_acl.c
===================================================================
--- xfs.orig/fs/xfs/xfs_acl.c   2011-11-20 12:49:11.181244706 +0100
+++ xfs/fs/xfs/xfs_acl.c        2011-11-20 12:49:50.637697619 +0100
@@ -42,6 +42,8 @@ xfs_acl_from_disk(struct xfs_acl *aclp)
        int count, i;
 
        count = be32_to_cpu(aclp->acl_cnt);
+       if (count > XFS_ACL_MAX_ENTRIES)
+               return ERR_PTR(-EFSCORRUPTED);
 
        acl = posix_acl_alloc(count, GFP_KERNEL);
        if (!acl)

<Prev in Thread] Current Thread [Next in Thread>