From patchwork Sun Sep 2 15:35:40 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: cgxu519 X-Patchwork-Id: 965113 Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=linux-ext4-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=gmx.com Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 423HHY2MLFz9ryt for ; Mon, 3 Sep 2018 01:35:53 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726123AbeIBTwE (ORCPT ); Sun, 2 Sep 2018 15:52:04 -0400 Received: from mout.gmx.net ([212.227.15.15]:36589 "EHLO mout.gmx.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726056AbeIBTwD (ORCPT ); Sun, 2 Sep 2018 15:52:03 -0400 Received: from localhost.localdomain ([116.30.193.253]) by mail.gmx.com (mrgmx001 [212.227.17.184]) with ESMTPSA (Nemesis) id 0Lcj9b-1fVzQy1Wg3-00k8eV; Sun, 02 Sep 2018 17:35:48 +0200 From: Chengguang Xu To: tytso@mit.edu, adilger.kernel@dilger.ca Cc: linux-ext4@vger.kernel.org, Chengguang Xu Subject: [PATCH] ext4: add additinal sanity check for ext4_acl_from_disk() Date: Sun, 2 Sep 2018 23:35:40 +0800 Message-Id: <20180902153540.15343-1-cgxu519@gmx.com> X-Mailer: git-send-email 2.17.1 X-Provags-ID: V03:K1:5MESTu9KXzVrxHIkGPzKuHhJLmWHDWBi8IoR4GElOi3J2xs8/nJ KoUo1iC9y91DRAaIQOwCK6uKnFresMz6k6jgZnRD3WfOzsrE84xI9bqAxWeH6dIrsn6ZiU2 ihb4FYxJf05f6EWJf/tOksEmOW8E/qWq8i0G4J4Wrgho294l+d0i0K2TJB72YdPboGU7+zt WSgNCo6Ku57c5IOh0dw0g== X-UI-Out-Filterresults: notjunk:1; V01:K0:YojuI+gtg8I=:yTpI+sHJUiJ7/VUC5WJFfG Lx9gpL+Rmlu0pBD/IV1IwApwcTtG0TGaeTqI0LJ4s3CX/vzatKr6GKBPYltE6cBNJJmmPksUf pHwzmavuIvjczSiL6xvm1+SsUjxY4Yv3vz2b9AcHBMd3+APuBGgmsmNa80SacB5vN0yz7PqbW zZnp5jcUw6QFWppBX+oSjvmdovz+EhyLsQli8pCsxe6DMwXvR2Fs8tzJCTHoXGi0Y7lC1xiq6 7XQT7Aoi+7DwtrsiSnDYfAS+wCEFqWHxXXdnANP3yIHP/cQMy1GIX3w+ONfwRmn0sipbmg5Vk Cghwy5bMdMerAMO0b+f4C/7xr7Lm42Enaw39Bbn1cNxxqQR/OqFH/2Js/qE2GJX9b4PKwVFYI r3a2XjCNEmPNles6/ZA6Lh0uVVXxfTC+1YhG+Rctlb47ZWh3i9QMFzcXzf4HASfbp/MvV9X8u JQ5D1AsQ3vBP6gerawUBD4O4dguFueGLiIdMg9HRcddDa5ILLV0c6pjyq8oYnNRTp4co18Z9x R3PRXlXctUYpREvGNj8p5UdRQNhwkDX/My43SEKiCRkRbu5yp0mQfeMCMMzP/9WnUcxRcHw39 lFi7UDkbP80lXjcWAYE47T24/2C29EjZ9/nYDODY3rlwec7GPj2czKjpq16htBxfV/iJUB0AG 9hANyEOV8Q9p0lY38A0Jw1lBAV6/32bQDZalyXx41V3h492Sl3j7/y2rDnhjuGrCivuDMG0R3 2EV16EW8p36H/b7UX7uEQW2jRX4w9j1q5KFLTDPtodKB8WQ97kOSk0SHkG8= Sender: linux-ext4-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-ext4@vger.kernel.org In the case ACL_USER and ACL_GROUP we check if value has exceeded end, add same check in the case ACL_OTHER as well. Signed-off-by: Chengguang Xu --- fs/ext4/acl.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/fs/ext4/acl.c b/fs/ext4/acl.c index fb50f9aa6ead..9785a559337b 100644 --- a/fs/ext4/acl.c +++ b/fs/ext4/acl.c @@ -52,6 +52,8 @@ ext4_acl_from_disk(const void *value, size_t size) case ACL_OTHER: value = (char *)value + sizeof(ext4_acl_entry_short); + if ((char *)value > end) + goto fail; break; case ACL_USER: