linux/debian/patches/bugfix/all/xfs-fix-memory-corruption-in-xfs_readlink-2.patch

Subject: [PATCH] xfs: Fix possible memory corruption in xfs_readlink (2)
From: Ben Hutchings <ben@decadent.org.uk>

Previous fix doesn't check for integer overflow.

Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
---
--- a/fs/xfs/xfs_vnodeops.c
+++ b/fs/xfs/xfs_vnodeops.c
@@ -127,7 +127,7 @@ xfs_readlink(
 	if (!pathlen)
 		goto out;
 
-	if (pathlen > MAXPATHLEN) {
+	if (pathlen < 0 || pathlen > MAXPATHLEN) {
 		xfs_alert(mp, "%s: inode (%llu) symlink length (%d) too long",
 			 __func__, (unsigned long long)ip->i_ino, pathlen);
 		ASSERT(0);