[Top] [All Lists]

[PATCH] xfs: fix acl count validation in xfs_acl_from_disk()

To: Christoph Hellwig <hch@xxxxxx>, Ben Myers <bpm@xxxxxxx>
Subject: [PATCH] xfs: fix acl count validation in xfs_acl_from_disk()
From: Xi Wang <xi.wang@xxxxxxxxx>
Date: Mon, 12 Dec 2011 16:55:52 -0500
Cc: xfs@xxxxxxxxxxx, linux-kernel@xxxxxxxxxxxxxxx, Xi Wang <xi.wang@xxxxxxxxx>
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=from:to:cc:subject:date:message-id:x-mailer; bh=u0T04Mpyc8KKZwZ+jBdSn5FGqRM/o92PNipkJjM0vAU=; b=td/jCz/RSy0NH+iFP5dnTBxuZp+gt/3yzJIcqmGJMNc6RqvHJoKb3ZY9e/AO/FVY33 LRgdQuOTRgguv5UYgbJ2FOQM38Qpx1kW0OJwJ9I+IRLqcwyaqbNROgdiXLH5O+9HhxJf HcEU3IgmElrbFsU1svfh+YtsJ5QhVqk/RuceA=
Commit fa8b18ed didn't prevent the integer overflow and possible
memory corruption.  "count" can go negative and bypass the check.

Signed-off-by: Xi Wang <xi.wang@xxxxxxxxx>
 fs/xfs/xfs_acl.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/fs/xfs/xfs_acl.c b/fs/xfs/xfs_acl.c
index 76e4266..ac702a6 100644
--- a/fs/xfs/xfs_acl.c
+++ b/fs/xfs/xfs_acl.c
@@ -39,7 +39,7 @@ xfs_acl_from_disk(struct xfs_acl *aclp)
        struct posix_acl_entry *acl_e;
        struct posix_acl *acl;
        struct xfs_acl_entry *ace;
-       int count, i;
+       unsigned int count, i;
        count = be32_to_cpu(aclp->acl_cnt);
        if (count > XFS_ACL_MAX_ENTRIES)

<Prev in Thread] Current Thread [Next in Thread>