Commit f4020438 authored by Eric Sandeen's avatar Eric Sandeen Committed by Darrick J. Wong

xfs: fix boundary test in xfs_attr_shortform_verify

The boundary test for the fixed-offset parts of xfs_attr_sf_entry in
xfs_attr_shortform_verify is off by one, because the variable array
at the end is defined as nameval[1] not nameval[].
Hence we need to subtract 1 from the calculation.

This can be shown by:

# touch file
# setfattr -n root.a file

and verifications will fail when it's written to disk.

This only matters for a last attribute which has a single-byte name
and no value, otherwise the combination of namelen & valuelen will
push endp further out and this test won't fail.

Fixes: 1e1bbd8e ("xfs: create structure verifier function for shortform xattrs")
Signed-off-by: default avatarEric Sandeen <sandeen@redhat.com>
Reviewed-by: default avatarDarrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: default avatarDarrick J. Wong <darrick.wong@oracle.com>
Reviewed-by: default avatarChristoph Hellwig <hch@lst.de>
parent 657f1019
...@@ -1036,8 +1036,10 @@ xfs_attr_shortform_verify( ...@@ -1036,8 +1036,10 @@ xfs_attr_shortform_verify(
* struct xfs_attr_sf_entry has a variable length. * struct xfs_attr_sf_entry has a variable length.
* Check the fixed-offset parts of the structure are * Check the fixed-offset parts of the structure are
* within the data buffer. * within the data buffer.
* xfs_attr_sf_entry is defined with a 1-byte variable
* array at the end, so we must subtract that off.
*/ */
if (((char *)sfep + sizeof(*sfep)) >= endp) if (((char *)sfep + sizeof(*sfep) - 1) >= endp)
return __this_address; return __this_address;
/* Don't allow names with known bad length. */ /* Don't allow names with known bad length. */
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment