| To: | Christoph Hellwig <hch@xxxxxx>, Ben Myers <bpm@xxxxxxx> |
|---|---|
| Subject: | [PATCH] xfs: fix acl count validation in xfs_acl_from_disk() |
| From: | Xi Wang <xi.wang@xxxxxxxxx> |
| Date: | Mon, 12 Dec 2011 16:55:52 -0500 |
| Cc: | xfs@xxxxxxxxxxx, linux-kernel@xxxxxxxxxxxxxxx, Xi Wang <xi.wang@xxxxxxxxx> |
| Dkim-signature: | v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=from:to:cc:subject:date:message-id:x-mailer; bh=u0T04Mpyc8KKZwZ+jBdSn5FGqRM/o92PNipkJjM0vAU=; b=td/jCz/RSy0NH+iFP5dnTBxuZp+gt/3yzJIcqmGJMNc6RqvHJoKb3ZY9e/AO/FVY33 LRgdQuOTRgguv5UYgbJ2FOQM38Qpx1kW0OJwJ9I+IRLqcwyaqbNROgdiXLH5O+9HhxJf HcEU3IgmElrbFsU1svfh+YtsJ5QhVqk/RuceA= |
Commit fa8b18ed didn't prevent the integer overflow and possible
memory corruption. "count" can go negative and bypass the check.
Signed-off-by: Xi Wang <xi.wang@xxxxxxxxx>
---
fs/xfs/xfs_acl.c | 2 +-
1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/fs/xfs/xfs_acl.c b/fs/xfs/xfs_acl.c
index 76e4266..ac702a6 100644
--- a/fs/xfs/xfs_acl.c
+++ b/fs/xfs/xfs_acl.c
@@ -39,7 +39,7 @@ xfs_acl_from_disk(struct xfs_acl *aclp)
struct posix_acl_entry *acl_e;
struct posix_acl *acl;
struct xfs_acl_entry *ace;
- int count, i;
+ unsigned int count, i;
count = be32_to_cpu(aclp->acl_cnt);
if (count > XFS_ACL_MAX_ENTRIES)
--
1.7.5.4
|
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | Re: [PATCH] xfstests 276: Ensure lost+found is not created with wrong link count, Ben Myers |
|---|---|
| Next by Date: | XFS updates for 3.0-stable, Christoph Hellwig |
| Previous by Thread: | XFS status update for November 2011, Christoph Hellwig |
| Next by Thread: | Re: [PATCH] xfs: fix acl count validation in xfs_acl_from_disk(), Christoph Hellwig |
| Indexes: | [Date] [Thread] [Top] [All Lists] |