From: Dan Carpenter Date: Wed, 22 Oct 2014 14:23:07 +0000 (+0300) Subject: staging: lustre: validate size in ll_setxattr() X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=87ebccf97f54fe20c0a8a86e21164473cc7d57e1;p=GitHub%2FLineageOS%2Fandroid_kernel_motorola_exynos9610.git staging: lustre: validate size in ll_setxattr() If size is smaller than the lov_user_md struct then we are reading beyond the end of the buffer. I guess this is an information leak or it could cause an Oops if the memory is not mapped. Signed-off-by: Dan Carpenter Signed-off-by: Greg Kroah-Hartman --- diff --git a/drivers/staging/lustre/lustre/llite/xattr.c b/drivers/staging/lustre/lustre/llite/xattr.c index 252a6194ed9b..3ad979635c60 100644 --- a/drivers/staging/lustre/lustre/llite/xattr.c +++ b/drivers/staging/lustre/lustre/llite/xattr.c @@ -234,6 +234,9 @@ int ll_setxattr(struct dentry *dentry, const char *name, struct lov_user_md *lump = (struct lov_user_md *)value; int rc = 0; + if (size != 0 && size < sizeof(struct lov_user_md)) + return -EINVAL; + /* Attributes that are saved via getxattr will always have * the stripe_offset as 0. Instead, the MDS should be * allowed to pick the starting OST index. b=17846 */