staging: lustre: validate size in ll_setxattr()

If size is smaller than the lov_user_md struct then we are reading
beyond the end of the buffer.  I guess this is an information leak or it
could cause an Oops if the memory is not mapped.

Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

diff --git a/drivers/staging/lustre/lustre/llite/xattr.c b/drivers/staging/lustre/lustre/llite/xattr.c
index 252a6194ed9bd083fd8399b41ab3277490947571..3ad979635c60e033548e547efb01c5dee61315b8 100644 (file)
--- a/drivers/staging/lustre/lustre/llite/xattr.c
+++ b/drivers/staging/lustre/lustre/llite/xattr.c
@@ -234,6 +234,9 @@ int ll_setxattr(struct dentry *dentry, const char *name,
                struct lov_user_md *lump = (struct lov_user_md *)value;
                int rc = 0;
 
+               if (size != 0 && size < sizeof(struct lov_user_md))
+                       return -EINVAL;
+
                /* Attributes that are saved via getxattr will always have
                 * the stripe_offset as 0.  Instead, the MDS should be
                 * allowed to pick the starting OST index.   b=17846 */