ext4: add corruption check in ext4_xattr_set_entry()
commit 5369a762 upstream. In theory this should have been caught earlier when the xattr list was verified, but in case it got missed, it's simple enough to add check to make sure we don't overrun the xattr buffer. This addresses CVE-2018-10879. https://bugzilla.kernel.org/show_bug.cgi?id=200001 Signed-off-by:Theodore Ts'o <tytso@mit.edu> Reviewed-by:
Andreas Dilger <adilger@dilger.ca> [bwh: Backported to 3.16: - Add inode parameter to ext4_xattr_set_entry() and update callers - Return -EIO instead of -EFSCORRUPTED on error - Adjust context] Signed-off-by:
Ben Hutchings <ben@decadent.org.uk> [adjusted context for 4.9] Signed-off-by:
Daniel Rosenberg <drosen@google.com> Signed-off-by:
Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Loading
Please sign in to comment