FEX-Emu/linux
1
0
Fork 0
mirror of https://github.com/FEX-Emu/linux.git synced 2024-12-18 23:18:20 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Orangefs: validate resp.listxattr.returned_count

Browse Source 
Signed-off-by: Mike Marshall <hubcap@omnibond.com>
This commit is contained in:
Mike Marshall 2015-12-17 16:11:40 -05:00
parent fef8b67ce6
commit 62441fa53b
1 changed files with 11 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
fs/orangefs/xattr.c
View File

@ -348,6 +348,7 @@ ssize_t orangefs_listxattr(struct dentry *dentry, char *buffer, size_t size)
int count_keys = 0; int count_keys = 0;
int key_size; int key_size;
int i = 0; int i = 0;
int returned_count = 0;
if (size > 0 && buffer == NULL) { if (size > 0 && buffer == NULL) {
gossip_err("%s: bogus NULL pointers\n", __func__); gossip_err("%s: bogus NULL pointers\n", __func__);
@ -392,10 +393,19 @@ try_again:
if (length == 0) if (length == 0)
goto done; goto done;
returned_count = new_op->downcall.resp.listxattr.returned_count;
if (returned_count < 0 ||
returned_count >= ORANGEFS_MAX_XATTR_LISTLEN) {
gossip_err("%s: impossible value for returned_count:%d:\n",
__func__,
returned_count);
goto done;
}
/* /*
* Check to see how much can be fit in the buffer. Fit only whole keys. * Check to see how much can be fit in the buffer. Fit only whole keys.
*/ */
for (i = 0; i < new_op->downcall.resp.listxattr.returned_count; i++) { for (i = 0; i < returned_count; i++) {
if (total + new_op->downcall.resp.listxattr.lengths[i] > size) if (total + new_op->downcall.resp.listxattr.lengths[i] > size)
goto done; goto done;