Commit 65480536 authored by Darrick J. Wong's avatar Darrick J. Wong
Browse files

xfs: check attribute name validity 



Check extended attribute entry names for invalid characters.

Signed-off-by: default avatarDarrick J. Wong <darrick.wong@oracle.com>
Reviewed-by: default avatarBrian Foster <bfoster@redhat.com>
parent e5d7d51b

fs/xfs/libxfs/xfs_attr.c

+17 −0
Original line number Diff line number Diff line
@@ -1336,3 +1336,20 @@ xfs_attr_node_get(xfs_da_args_t *args) 
	xfs_da_state_free(state);

	return retval;

}



/* Returns true if the attribute entry name is valid. */

bool

xfs_attr_namecheck(

	const void	*name,

	size_t		length)

{

	/*

	 * MAXNAMELEN includes the trailing null, but (name/length) leave it

	 * out, so use >= for the length check.

	 */

	if (length >= MAXNAMELEN)

		return false;



	/* There shouldn't be any nulls here */

	return !memchr(name, 0, length);

}

fs/xfs/libxfs/xfs_attr.h

+1 −1
Original line number Diff line number Diff line
@@ -145,6 +145,6 @@ int xfs_attr_remove(struct xfs_inode *dp, const unsigned char *name, int flags); 
int xfs_attr_remove_args(struct xfs_da_args *args);

int xfs_attr_list(struct xfs_inode *dp, char *buffer, int bufsize,

		  int flags, struct attrlist_cursor_kern *cursor);



bool xfs_attr_namecheck(const void *name, size_t length);



#endif	/* __XFS_ATTR_H__ */

fs/xfs/scrub/attr.c

+6 −0
Original line number Diff line number Diff line
@@ -93,6 +93,12 @@ xchk_xattr_listent( 
		return;

	}



	/* Does this name make sense? */

	if (!xfs_attr_namecheck(name, namelen)) {

		xchk_fblock_set_corrupt(sx->sc, XFS_ATTR_FORK, args.blkno);

		return;

	}



	args.flags = ATTR_KERNOTIME;

	if (flags & XFS_ATTR_ROOT)

		args.flags |= ATTR_ROOT;