Commit e9f94dc2 authored by Theodore Ts'o's avatar Theodore Ts'o Committed by Greg Kroah-Hartman

ext4: ignore e_value_offs for xattrs with value-in-ea-inode

commit e5d01196 upstream.

In other places in fs/ext4/xattr.c, if e_value_inum is non-zero, the
code ignores the value in e_value_offs.  The e_value_offs *should* be
zero, but we shouldn't depend upon it, since it might not be true in a
corrupted/fuzzed file system.

Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=202897
Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=202877Signed-off-by: default avatarTheodore Ts'o <tytso@mit.edu>
Cc: stable@kernel.org
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent c3d102ac
...@@ -1696,7 +1696,7 @@ static int ext4_xattr_set_entry(struct ext4_xattr_info *i, ...@@ -1696,7 +1696,7 @@ static int ext4_xattr_set_entry(struct ext4_xattr_info *i,
/* No failures allowed past this point. */ /* No failures allowed past this point. */
if (!s->not_found && here->e_value_size && here->e_value_offs) { if (!s->not_found && here->e_value_size && !here->e_value_inum) {
/* Remove the old value. */ /* Remove the old value. */
void *first_val = s->base + min_offs; void *first_val = s->base + min_offs;
size_t offs = le16_to_cpu(here->e_value_offs); size_t offs = le16_to_cpu(here->e_value_offs);
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment