From: Chengguang Xu <cgxu519@gmx.com>
Date: Thu, 30 Aug 2018 13:33:31 +0000 (+0800)
Subject: f2fs: add additional sanity check in f2fs_acl_from_disk()
X-Git-Tag: rel_imx_5.10.35_2.0.0-somdevices.0~6096^2~61
X-Git-Url: https://git.somdevices.com/?a=commitdiff_plain;h=1618e6e297082def6350887e1c6c606749716fac;p=linux.git

f2fs: add additional sanity check in f2fs_acl_from_disk()

Add additinal sanity check for irregular case(e.g. corruption).
If size of extended attribution is smaller than size of acl header,
then return -EINVAL.

Signed-off-by: Chengguang Xu <cgxu519@gmx.com>
Reviewed-by: Chao Yu <yuchao0@huawei.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
---

diff --git a/fs/f2fs/acl.c b/fs/f2fs/acl.c
index 111824199a88..20caf341701d 100644
--- a/fs/f2fs/acl.c
+++ b/fs/f2fs/acl.c
@@ -53,6 +53,9 @@ static struct posix_acl *f2fs_acl_from_disk(const char *value, size_t size)
 	struct f2fs_acl_entry *entry = (struct f2fs_acl_entry *)(hdr + 1);
 	const char *end = value + size;
 
+	if (size < sizeof(struct f2fs_acl_header))
+		return ERR_PTR(-EINVAL);
+
 	if (hdr->a_version != cpu_to_le32(F2FS_ACL_VERSION))
 		return ERR_PTR(-EINVAL);