diff options
| author | Theodore Ts'o <tytso@mit.edu> | 2019-04-10 00:37:36 -0400 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2019-05-21 18:50:18 +0200 |
| commit | 01bb84a8d9f557636c432a0743fd25ec77a91248 (patch) | |
| tree | 84956cddfde0df5d22d9791b28983a6c24c59675 /fs/ext4/xattr.c | |
| parent | 4197a149744e6fba8768400cafefaa41d108267d (diff) | |
| download | linux-stable-01bb84a8d9f557636c432a0743fd25ec77a91248.tar.gz linux-stable-01bb84a8d9f557636c432a0743fd25ec77a91248.tar.bz2 linux-stable-01bb84a8d9f557636c432a0743fd25ec77a91248.zip | |
ext4: ignore e_value_offs for xattrs with value-in-ea-inode
commit e5d01196c0428a206f307e9ee5f6842964098ff0 upstream.
In other places in fs/ext4/xattr.c, if e_value_inum is non-zero, the
code ignores the value in e_value_offs. The e_value_offs *should* be
zero, but we shouldn't depend upon it, since it might not be true in a
corrupted/fuzzed file system.
Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=202897
Bugzilla: https://bugzilla.kernel.org/show_bug.cgi?id=202877
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'fs/ext4/xattr.c')
| -rw-r--r-- | fs/ext4/xattr.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/fs/ext4/xattr.c b/fs/ext4/xattr.c index 6761e905cab0..f2fde3ac8698 100644 --- a/fs/ext4/xattr.c +++ b/fs/ext4/xattr.c @@ -1698,7 +1698,7 @@ static int ext4_xattr_set_entry(struct ext4_xattr_info *i, /* No failures allowed past this point. */ - if (!s->not_found && here->e_value_size && here->e_value_offs) { + if (!s->not_found && here->e_value_size && !here->e_value_inum) { /* Remove the old value. */ void *first_val = s->base + min_offs; size_t offs = le16_to_cpu(here->e_value_offs); |