xfs: fix acl count validation in xfs_acl_from_disk()

Commit fa8b18ed didn't prevent the integer overflow and possible
memory corruption.  "count" can go negative and bypass the check.

Signed-off-by: Xi Wang <xi.wang@gmail.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Ben Myers <bpm@sgi.com>

diff --git a/fs/xfs/xfs_acl.c b/fs/xfs/xfs_acl.c
index 76e4266d2e7e4a8fc3bfc609016e4de467b7e5cf..ac702a6eab9b05f6e1e4b9e3dde769a06262f84b 100644 (file)
--- a/fs/xfs/xfs_acl.c
+++ b/fs/xfs/xfs_acl.c
@@ -39,7 +39,7 @@ xfs_acl_from_disk(struct xfs_acl *aclp)
        struct posix_acl_entry *acl_e;
        struct posix_acl *acl;
        struct xfs_acl_entry *ace;
-       int count, i;
+       unsigned int count, i;
 
        count = be32_to_cpu(aclp->acl_cnt);
        if (count > XFS_ACL_MAX_ENTRIES)