LU-12602 mdt: more EA size check in mdt_getxattr_pack_reply()

[fs/lustre-release.git] / lustre / mdt / mdt_xattr.c

diff --git a/lustre/mdt/mdt_xattr.c b/lustre/mdt/mdt_xattr.c
index e5f70e3..82d94c7 100644 (file)
--- a/lustre/mdt/mdt_xattr.c
+++ b/lustre/mdt/mdt_xattr.c
@@ -97,6 +97,13 @@ static int mdt_getxattr_pack_reply(struct mdt_thread_info * info)
                /* We could calculate accurate sizes, but this would
                 * introduce a lot of overhead, let's do it later... */
                size = info->mti_body->mbo_eadatasize;
+               if (size <= 0 || size > info->mti_mdt->mdt_max_ea_size ||
+                   size & (sizeof(__u32) - 1)) {
+                       DEBUG_REQ(D_ERROR, req,
+                                 "%s: invalid EA size(%d) for FLXATTRALL\n",
+                                 mdt_obd_name(info->mti_mdt), size);
+                       RETURN(-EINVAL);
+               }
                req_capsule_set_size(pill, &RMF_EAVALS, RCL_SERVER, size);
                req_capsule_set_size(pill, &RMF_EAVALS_LENS, RCL_SERVER, size);
        } else {
@@ -241,6 +248,10 @@ int mdt_getxattr(struct mdt_thread_info *info)
 
        CDEBUG(D_INODE, "getxattr "DFID"\n", PFID(&info->mti_body->mbo_fid1));
 
+       rc = req_check_sepol(info->mti_pill);
+       if (rc)
+               RETURN(err_serious(rc));
+
         reqbody = req_capsule_client_get(info->mti_pill, &RMF_MDT_BODY);
         if (reqbody == NULL)
                 RETURN(err_serious(-EFAULT));