Commit 9663b9c1 authored by Eric Biggers, committed by Zizhi Wo

f2fs: explicitly null-terminate the xattr list

mainline inclusion
from mainline-v6.8-rc1
commit e26b6d39270f5eab0087453d9b544189a38c8564
category: bugfix
bugzilla: https://gitee.com/src-openeuler/kernel/issues/I92HXK
CVE: CVE-2023-52436

Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=e26b6d39270f5eab0087453d9b544189a38c8564



--------------------------------

When setting an xattr, explicitly null-terminate the xattr list.  This
eliminates the fragile assumption that the unused xattr space is always
zeroed.

Signed-off-by: Eric Biggers <ebiggers@google.com>
Reviewed-by: Chao Yu <chao@kernel.org>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Zizhi Wo <wozizhi@huawei.com>
parent c6bcd162
+6 −0
@@ -741,6 +741,12 @@ static int __f2fs_setxattr(struct inode *inode, int index,
		memcpy(pval, value, size);
		last->e_value_size = cpu_to_le16(size);
		new_hsize += newsize;
		/*
		 * Explicitly add the null terminator.  The unused xattr space
		 * is supposed to always be zeroed, which would make this
		 * unnecessary, but don't depend on that.
		 */
		*(u32 *)((u8 *)last + newsize) = 0;
	}

	error = write_all_xattrs(inode, new_hsize, base_addr, ipage);
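
Review bot: The 4-byte store `*(u32 *)((u8 *)last + newsize) = 0;` at the end of the added block writes immediately past the new entry, and nothing in the visible hunk shows that the xattr buffer still has four bytes available at `last + newsize`. Please confirm that the size check earlier in `__f2fs_setxattr` reserves room for the terminator and name that check in the comment, so the store cannot itself run past the end of the buffer when the new entry consumes the remaining space. The comment also calls this "the null terminator" without stating its width; saying that it is a zeroed u32 would tie the comment to the cast on the next line.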