| From hch@infradead.org Tue Dec 6 14:00:24 2011 |
| From: Christoph Hellwig <hch@infradead.org> |
| Date: Tue, 6 Dec 2011 16:21:05 -0500 |
| Subject: xfs: validate acl count |
| To: stable@vger.kernel.org |
| Cc: xfs@oss.sgi.com |
| Message-ID: <20111206212105.GA28459@infradead.org> |
| Content-Disposition: inline |
| |
| From: Christoph Hellwig <hch@infradead.org> |
| |
| commit fa8b18edd752a8b4e9d1ee2cd615b82c93cf8bba upstream. |
| |
| This prevents in-memory corruption and possible panics if the on-disk |
| ACL is badly corrupted. |
| |
| Signed-off-by: Christoph Hellwig <hch@lst.de> |
| Signed-off-by: Ben Myers <bpm@sgi.com> |
| Acked-by: Dave Chinner <dchinner@redhat.com> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> |
| |
| --- |
| fs/xfs/linux-2.6/xfs_acl.c | 2 ++ |
| 1 file changed, 2 insertions(+) |
| |
| --- a/fs/xfs/linux-2.6/xfs_acl.c |
| +++ b/fs/xfs/linux-2.6/xfs_acl.c |
| @@ -42,6 +42,8 @@ xfs_acl_from_disk(struct xfs_acl *aclp) |
| int count, i; |
| |
| count = be32_to_cpu(aclp->acl_cnt); |
| + if (count > XFS_ACL_MAX_ENTRIES) |
| + return ERR_PTR(-EFSCORRUPTED); |
| |
| acl = posix_acl_alloc(count, GFP_KERNEL); |
| if (!acl) |
