diff options
| author | Carlos Maiolino <cmaiolino@redhat.com> | 2011-11-19 13:13:44 -0500 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@suse.de> | 2011-11-26 09:10:06 -0800 |
| commit | 626ff2d51fc1127814fa28bdfb1df761ea894755 (patch) | |
| tree | 885735d33631ba30e562ffa4a83d5c0417fec71b /fs/xfs/quota | |
| parent | 70f589ceb96bbf1d4c2c2f5b6c3d6dff19ddd31d (diff) | |
| download | kernel_samsung_smdk4412-626ff2d51fc1127814fa28bdfb1df761ea894755.zip kernel_samsung_smdk4412-626ff2d51fc1127814fa28bdfb1df761ea894755.tar.gz kernel_samsung_smdk4412-626ff2d51fc1127814fa28bdfb1df761ea894755.tar.bz2 | |
xfs: Fix possible memory corruption in xfs_readlink
commit b52a360b2aa1c59ba9970fb0f52bbb093fcc7a24 upstream.
Fixes a possible memory corruption when the link is larger than
MAXPATHLEN and XFS_DEBUG is not enabled. This also remove the
S_ISLNK assert, since the inode mode is checked previously in
xfs_readlink_by_handle() and via VFS.
Updated to address concerns raised by Ben Hutchings about the loose
attention paid to 32- vs 64-bit values, and the lack of handling a
potentially negative pathlen value:
- Changed type of "pathlen" to be xfs_fsize_t, to match that of
ip->i_d.di_size
- Added checking for a negative pathlen to the too-long pathlen
test, and generalized the message that gets reported in that case
to reflect the change
As a result, if a negative pathlen were encountered, this function
would return EFSCORRUPTED (and would fail an assertion for a debug
build)--just as would a too-long pathlen.
Signed-off-by: Alex Elder <aelder@sgi.com>
Signed-off-by: Carlos Maiolino <cmaiolino@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Diffstat (limited to 'fs/xfs/quota')
0 files changed, 0 insertions, 0 deletions