19 lines
553 B
Diff
19 lines
553 B
Diff
Subject: [PATCH] xfs: Fix possible memory corruption in xfs_readlink (2)
|
|
From: Ben Hutchings <ben@decadent.org.uk>
|
|
|
|
Previous fix doesn't check for integer overflow.
|
|
|
|
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
|
|
---
|
|
--- a/fs/xfs/xfs_vnodeops.c
|
|
+++ b/fs/xfs/xfs_vnodeops.c
|
|
@@ -127,7 +127,7 @@ xfs_readlink(
|
|
if (!pathlen)
|
|
goto out;
|
|
|
|
- if (pathlen > MAXPATHLEN) {
|
|
+ if (pathlen < 0 || pathlen > MAXPATHLEN) {
|
|
xfs_alert(mp, "%s: inode (%llu) symlink length (%d) too long",
|
|
__func__, (unsigned long long)ip->i_ino, pathlen);
|
|
ASSERT(0);
|