Minki/linux
1
0
Fork 1
mirror of https://github.com/torvalds/linux.git synced 2024-11-27 14:41:39 +00:00
Code Issues Packages Projects Releases Wiki Activity

xfs: don't crash the vfs on a garbage inline symlink

Browse Source 
The VFS routine that calls ->get_link blindly copies whatever's returned
into the user's buffer.  If we return a NULL pointer, the vfs will
crash on the null pointer.  Therefore, return -EFSCORRUPTED instead of
blowing up the kernel.

[dgc: clean up with hch's suggestions]

Reported-by: wen.xu@gatech.edu
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Reviewed-by: Allison Henderson <allison.henderson@oracle.com>
Signed-off-by: Dave Chinner <david@fromorbit.com>
This commit is contained in:
Darrick J. Wong 2018-09-29 13:40:40 +10:00 committed by Dave Chinner
parent 5b394b2ddf
commit ae29478766
1 changed files with 11 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
fs/xfs/xfs_iops.c
View File

@ -471,8 +471,18 @@ xfs_vn_get_link_inline(
struct inode *inode, struct inode *inode,
struct delayed_call *done) struct delayed_call *done)
{ {
char *link;
ASSERT(XFS_I(inode)->i_df.if_flags & XFS_IFINLINE); ASSERT(XFS_I(inode)->i_df.if_flags & XFS_IFINLINE);
return XFS_I(inode)->i_df.if_u1.if_data;
/*
* The VFS crashes on a NULL pointer, so return -EFSCORRUPTED if
* if_data is junk.
*/
link = XFS_I(inode)->i_df.if_u1.if_data;
if (!link)
return ERR_PTR(-EFSCORRUPTED);
return link;
} }
STATIC int STATIC int