Commit 8c505ebe authored by Artem Sadovnikov, committed by Greg Kroah-Hartman

jfs: xattr: check invalid xattr size more strictly


commit d9f9d96136cba8fedd647d2c024342ce090133c2 upstream.

Commit 7c55b788 ("jfs: xattr: fix buffer overflow for invalid xattr")
also addresses this issue but it only fixes it for positive values, while
ea_size is an integer type and can take negative values, e.g. in case of
a corrupted filesystem. This still breaks validation and would overflow
because of implicit conversion from int to size_t in print_hex_dump().

Fix this issue by clamping the ea_size value instead.

Found by Linux Verification Center (linuxtesting.org) with Syzkaller.

Cc: stable@vger.kernel.org
Signed-off-by: Artem Sadovnikov <ancowi69@gmail.com>
Signed-off-by: Dave Kleikamp <dave.kleikamp@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
parent a7f28636
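
The failure mode named in the commit message, as an added user-space illustration (not the kernel patch and not JFS code): an upper-bound-only check lets a negative `int` through, the conversion to `size_t` turns it into a huge length, and clamping before the conversion prevents that. The function names, the 16-byte buffer and the sample `ea_size` values are constructed for this demo.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define XATTR_BUF_SIZE 16   /* constructed buffer size for the demo */

/* Upper-bound-only validation: caps sizes that are too large but lets a
 * negative int through, which becomes a huge value once converted to size_t. */
static size_t dump_len_upper_bound_only(int ea_size, int buf_size)
{
    int size = ea_size > buf_size ? buf_size : ea_size;
    return (size_t)size;            /* -1 becomes SIZE_MAX here */
}

/* Clamp into [0, buf_size] while the value is still signed, then convert. */
static size_t dump_len_clamped(int ea_size, int buf_size)
{
    int size = ea_size < 0 ? 0 : (ea_size > buf_size ? buf_size : ea_size);
    return (size_t)size;
}

/* Hypothetical dump routine that takes its length as size_t; writes two hex
 * digits per byte into out and returns the number of bytes it read. */
static size_t hex_dump(const unsigned char *buf, size_t len, char *out)
{
    for (size_t i = 0; i < len; i++)
        snprintf(out + 2 * i, 3, "%02x", buf[i]);
    out[2 * len] = '\0';
    return len;
}

int main(void)
{
    unsigned char xattr[XATTR_BUF_SIZE] = { 0xde, 0xad, 0xbe, 0xef }; /* constructed */
    char out[2 * XATTR_BUF_SIZE + 1];
    int samples[] = { 4, 4096, -1, INT_MIN };   /* constructed ea_size values */

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        size_t weak = dump_len_upper_bound_only(samples[i], XATTR_BUF_SIZE);
        size_t safe = dump_len_clamped(samples[i], XATTR_BUF_SIZE);
        hex_dump(xattr, safe, out);   /* only the clamped length is used to read */
        printf("ea_size=%d upper_bound_only=%zu clamped=%zu dump=\"%s\"\n",
               samples[i], weak, safe, out);
    }
    return 0;
}
```
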