From patchwork Sun Sep 2 15:31:00 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: cgxu519 X-Patchwork-Id: 965111 Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Authentication-Results: ozlabs.org; spf=none (mailfrom) smtp.mailfrom=vger.kernel.org (client-ip=209.132.180.67; helo=vger.kernel.org; envelope-from=linux-ext4-owner@vger.kernel.org; receiver=) Authentication-Results: ozlabs.org; dmarc=none (p=none dis=none) header.from=gmx.com Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id 423HBD13VZz9ryt for ; Mon, 3 Sep 2018 01:31:15 +1000 (AEST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726961AbeIBTrZ (ORCPT ); Sun, 2 Sep 2018 15:47:25 -0400 Received: from mout.gmx.net ([212.227.17.22]:54577 "EHLO mout.gmx.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726711AbeIBTrZ (ORCPT ); Sun, 2 Sep 2018 15:47:25 -0400 Received: from localhost.localdomain ([116.30.193.253]) by mail.gmx.com (mrgmx101 [212.227.17.174]) with ESMTPSA (Nemesis) id 0MaF8e-1gBxtC279E-00Jp47; Sun, 02 Sep 2018 17:31:07 +0200 From: Chengguang Xu To: jack@suse.com Cc: linux-ext4@vger.kernel.org, Chengguang Xu Subject: [PATCH] ext2: add additinal sanity check for ext2_acl_from_disk() Date: Sun, 2 Sep 2018 23:31:00 +0800 Message-Id: <20180902153100.4480-1-cgxu519@gmx.com> X-Mailer: git-send-email 2.17.1 X-Provags-ID: V03:K1:J4TMIisLxO1B7WI3vJaYBZzbsb7XDQNana2mKpQ7p1UxGcfxHPI uxaBal4y82giCPj2GIWRW2r0or+tpq/dl1feiCh6DGhZ6ChCc0cP3kP7rp46hV7WQPqcN+v wM6/DoJ6Af5Y2MPXdKEqG0jHeXv52TR9qkdHQzchdPqZ/fWJaEutf4tNoQz6/QPJVMIM5Wm ZZGmDNFO4bVFotXHAMp9A== X-UI-Out-Filterresults: notjunk:1; V01:K0:QJJ2gLVlIL0=:DJSjWg9m+4eGuLNZRqJ+lU T2Rvw3f1UjZcGmP9wJMV7JRQ1h/F9xGwI+KmNFvZY/vDlC6QXQ2ocRvQwmsq14UNc5BGha97m LXgxmH/0/vzrNgVcx1LtKZOPi8YJJNGhcKNV65eS7hZWwRZMTUtHtcHDfX2y8fwUtR28xrRjb zG0DR0Wo2i2W1ASqI2e5QsH7WmKEofqNCCcIty0mnSopUGsluCR4sCHKYMhDdxfb8J+SI9q5g Bkg1rxOpl3eZOeWECD681K9dmI9hoSVPm8Ah3nPz0R2s0aT3yHzbYgw9aNkVyPDxefBVuqmCP DeMkNly6HYEtcdhEeioSvpd3zpo+KLMZX+vSYAuYY1tQzTaVAxnp4V1AyfvxMO4sHhDvWEUo8 k1V7YYvMuqrHEKyHxAaEBehubxJRTN4QV9RdgqCY/BaoGbkuhdV75tbwBnJk0jZDJLyWOOvIj GRIHtZaOUk5ExPP9PEGCx/YQdlKbdCcj1somVZGD2FrhLbK1Rt9BHIZZcNCqM3UmdXVUNFbdT 5ATk1Ld6kGH4RiLLn8W2DHqiLzAaWEWm3vro/18+yJWYkei+RhnCBMpOqG2jdCI6ckP+b5p1o pnLjqS/Ek5cdzJFcZ0M0GJbVJ8Fm+kEzGmo81INleBbw1eTjMsqwTQ/B5sDcVhI+2OmX7Rwh8 EL+tdYsHXgGB1y2zmNuYGzxrwieW11ZQBrtn/SAdH/RIHAonrEwnw0mqqrcaKExWQ4PspfDn+ LCPTC+WbOrGRwWGAIs+tSLO4kgDYLj8b0zQT33NZo/PCnoWpRnspnjDpIU0= Sender: linux-ext4-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-ext4@vger.kernel.org In the case ACL_USER and ACL_GROUP we check if value has exceeded end, add same check in the case ACL_OTHER as well. Signed-off-by: Chengguang Xu --- fs/ext2/acl.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/fs/ext2/acl.c b/fs/ext2/acl.c index 224c04abb2e5..3082d93f1cb1 100644 --- a/fs/ext2/acl.c +++ b/fs/ext2/acl.c @@ -53,6 +53,8 @@ ext2_acl_from_disk(const void *value, size_t size) case ACL_OTHER: value = (char *)value + sizeof(ext2_acl_entry_short); + if ((char *)value > end) + goto fail; break; case ACL_USER: