19 lines
553 B
Diff
19 lines
553 B
Diff
|
Subject: [PATCH] xfs: Fix possible memory corruption in xfs_readlink (2)
|
||
|
From: Ben Hutchings <ben@decadent.org.uk>
|
||
|
|
||
|
Previous fix doesn't check for integer overflow.
|
||
|
|
||
|
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
||
|
---
|
||
|
--- a/fs/xfs/xfs_vnodeops.c
|
||
|
+++ b/fs/xfs/xfs_vnodeops.c
|
||
|
@@ -127,7 +127,7 @@ xfs_readlink(
|
||
|
if (!pathlen)
|
||
|
goto out;
|
||
|
|
||
|
- if (pathlen > MAXPATHLEN) {
|
||
|
+ if (pathlen < 0 || pathlen > MAXPATHLEN) {
|
||
|
xfs_alert(mp, "%s: inode (%llu) symlink length (%d) too long",
|
||
|
__func__, (unsigned long long)ip->i_ino, pathlen);
|
||
|
ASSERT(0);
|