From: Emoly Liu <emoly@whamcloud.com>
Date: Wed, 14 Aug 2019 07:52:58 +0000 (+0800)
Subject: LU-12602 mdt: check EA size in mdt_getxattr_pack_reply()
X-Git-Tag: 2.12.58~46
X-Git-Url: https://git.whamcloud.com/?a=commitdiff_plain;h=915135c37cbfa6851a5ec732afd20955eb020566;hp=149f005a3199eee13fe6396671613a0f620ee0cc;p=fs%2Flustre-release.git

LU-12602 mdt: check EA size in mdt_getxattr_pack_reply()

Check EA data size(non-positive or excessively large) in case of
any corruption.

Change-Id: I8ccea214f8d7c0403a9df180acf487ee381b8d77
Reported-by: Alibaba Cloud <yunye.ry@alibaba-inc.com>
Signed-off-by: Emoly Liu <emoly@whamcloud.com>
Reviewed-on: https://review.whamcloud.com/35768
Tested-by: jenkins <devops@whamcloud.com>
Reviewed-by: Andreas Dilger <adilger@whamcloud.com>
Tested-by: Maloo <maloo@whamcloud.com>
Reviewed-by: Patrick Farrell <pfarrell@whamcloud.com>
Reviewed-by: Oleg Drokin <green@whamcloud.com>
---

diff --git a/lustre/mdt/mdt_xattr.c b/lustre/mdt/mdt_xattr.c
index 06baab6..4c362a3 100644
--- a/lustre/mdt/mdt_xattr.c
+++ b/lustre/mdt/mdt_xattr.c
@@ -97,6 +97,11 @@ static int mdt_getxattr_pack_reply(struct mdt_thread_info * info)
 		/* We could calculate accurate sizes, but this would
 		 * introduce a lot of overhead, let's do it later... */
 		size = info->mti_body->mbo_eadatasize;
+		if (size <= 0 || size > info->mti_mdt->mdt_max_ea_size) {
+			CERROR("%s: invalid EA size(%d) for FLXATTRALL\n",
+			       mdt_obd_name(info->mti_mdt), size);
+			RETURN(-EINVAL);
+		}
 		req_capsule_set_size(pill, &RMF_EAVALS, RCL_SERVER, size);
 		req_capsule_set_size(pill, &RMF_EAVALS_LENS, RCL_SERVER, size);
 	} else {