From 5ea47a9efd5faf9de59be693dc6fa6a8fc6529b7 Mon Sep 17 00:00:00 2001
From: Andreas Dilger
Date: Fri, 18 Mar 2016 02:03:45 -0600
Subject: [PATCH] LU-7867 debugfs: fix check for out-of-bound xattr value

Since upsream commit 8a546777119c9c0, the validity check for in-inode xattrs in internal_dump_inode_extra() has been incorrectly checking the value size. The value can go right to the end of the inode.

Signed-off-by: Andreas Dilger
Change-Id: Id20861df7c973d76a433aecfcfd125ca32ce117b
Reviewed-on: http://review.whamcloud.com/18999
Reviewed-by: Fan Yong
Tested-by: Jenkins
Reviewed-by: Matt Ezell
---
 debugfs/debugfs.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/debugfs/debugfs.c b/debugfs/debugfs.c
index c8eff77..73fedc4 100644
--- a/debugfs/debugfs.c
+++ b/debugfs/debugfs.c
@@ -610,7 +610,7 @@ static void internal_dump_inode_extra(FILE *out,
 entry->e_value_inum != 0;
 if (name + entry->e_name_len >= end ||
- (!ea_inode && value + entry->e_value_size >= end) ||
+ (!ea_inode && value + entry->e_value_size > end) ||
 (char *)next >= end) {
 fprintf(out, "invalid EA entry in inode\n");
 return;
--
1.8.3.1
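Review bot: The value bound on the changed line is still evaluated as pointer arithmetic, `value + entry->e_value_size > end`, and e_value_size comes from the on-disk entry, so on a corrupted image a very large size can carry the sum past the end of the address space (most plausibly on 32-bit builds) and the comparison can then pass. Comparing lengths instead of pointers avoids forming that out-of-range pointer: `(!ea_inode && (value > end || entry->e_value_size > (size_t)(end - value))) ||`. How value and end are derived lies outside the hunk, so the `value > end` guard may already be established earlier in internal_dump_inode_extra(); if so it can be dropped. A one-line comment above the condition, such as `/* a value may end exactly at 'end'; names and the next entry header may not */`, would explain why this clause uses `>` while its neighbours keep `>=`.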