Received: by 2002:ac0:a5a6:0:0:0:0:0 with SMTP id m35-v6csp1810540imm;
        Mon, 3 Sep 2018 10:02:18 -0700 (PDT)
X-Google-Smtp-Source: ANB0VdaahIEeOiUTLu39bTXq7mOhbVlARxqfaxu5nLNM+u2yNFrPtYPGWbHd0pmKqAPwMizu70tJ
X-Received: by 2002:a63:4306:: with SMTP id q6-v6mr26034753pga.181.1535994138572;
        Mon, 03 Sep 2018 10:02:18 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1535994138; cv=none;
        d=google.com; s=arc-20160816;
        b=p2QffCyONi72Bfvd8+ZmZ0Dc3WlMulRl96r14J5l2kw6ghQG1HbSsLS47Np2It4tE3
         VwxWsDCieg6fJygGsU83H5Kd21a7NfnGHckHSI+vwPzrL7akZizFaYmSHv4Mvd71NDRh
         yELPsEumRgBeaV7nU+nnAC8u66ORw73dqTy4eIpCPuyFCkqo+cFATtBV1f7FfVkckPat
         QmM0klyj+ZGrO08UUFoBmSgrRAx/a+L+oq3/C0KWLfA65twDfJ7Pph8TmwKKwrjeAfNZ
         dSslNQau5257SfbmFxXusO/Sz5XuXPevhIBlQ/hMyzJY5RuMI/chztgGiBfNbg6oBSQ3
         mGrg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:mime-version:user-agent:references
         :in-reply-to:message-id:date:subject:cc:to:from
         :arc-authentication-results;
        bh=khp+DYTVRH3TpiKSi0roMVFGg8pa6noA3I2CRa3Yx9w=;
        b=B3OKkr5s1tGjOePmnSCb6cjzIQrAQkOiJNRLddur7RwamYdvYOMMfE5u913mZ/taqp
         +kbdC1q5gcKGPuy4aYNrWDlXMof2yoaZOYqGuPvdoOvlKtlsKT2mxjD0ZreP8hLGs+Dg
         0u2vjfpitIKnek2P3XLohT8XPglnpFDMMaR7i4I38tXiMyJgudlJsAGeNQPcHzGXnOa8
         GVhM9QMCCNrjE4sbeeP331OaE+6idJlwNusXqMnWAMOqQCrGGkUETAnw7ARsd+47idHy
         ikQ/wT/Zs+PUJ4hJnGY56QD15d+MunV0EJBfu5EqoZMTU/iE/UpMVd+cqWAQVcSXQ2pk
         hw0Q==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id y123-v6si19076898pfc.302.2018.09.03.10.02.03;
        Mon, 03 Sep 2018 10:02:18 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1728231AbeICVVa (ORCPT <rfc822;vladislav.valtchev@gmail.com>
        + 99 others); Mon, 3 Sep 2018 17:21:30 -0400
Received: from mail.linuxfoundation.org ([140.211.169.12]:38534 "EHLO
        mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1728064AbeICVV3 (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 3 Sep 2018 17:21:29 -0400
Received: from localhost (ip-213-127-74-90.ip.prioritytelecom.net [213.127.74.90])
        by mail.linuxfoundation.org (Postfix) with ESMTPSA id EC271CFB;
        Mon,  3 Sep 2018 17:00:29 +0000 (UTC)
From:   Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To:     linux-kernel@vger.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org, Wen Xu <wen.xu@gatech.edu>,
        Theodore Tso <tytso@mit.edu>
Subject: [PATCH 4.4 47/80] ext4: check for NUL characters in extended attributes name
Date:   Mon,  3 Sep 2018 18:49:25 +0200
Message-Id: <20180903164936.037943693@linuxfoundation.org>
X-Mailer: git-send-email 2.18.0
In-Reply-To: <20180903164934.171677301@linuxfoundation.org>
References: <20180903164934.171677301@linuxfoundation.org>
User-Agent: quilt/0.65
X-stable: review
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

4.4-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Theodore Ts'o <tytso@mit.edu>

commit 7d95178c77014dbd8dce36ee40bbbc5e6c121ff5 upstream.

Extended attribute names are defined to be NUL-terminated, so the name
must not contain a NUL character.  This is important because there are
places when remove extended attribute, the code uses strlen to
determine the length of the entry.  That should probably be fixed at
some point, but code is currently really messy, so the simplest fix
for now is to simply validate that the extended attributes are sane.

https://bugzilla.kernel.org/show_bug.cgi?id=200401

Reported-by: Wen Xu <wen.xu@gatech.edu>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/ext4/xattr.c |    2 ++
 1 file changed, 2 insertions(+)

--- a/fs/ext4/xattr.c
+++ b/fs/ext4/xattr.c
@@ -197,6 +197,8 @@ ext4_xattr_check_names(struct ext4_xattr
 		struct ext4_xattr_entry *next = EXT4_XATTR_NEXT(e);
 		if ((void *)next >= end)
 			return -EFSCORRUPTED;
+		if (strnlen(e->e_name, e->e_name_len) != e->e_name_len)
+			return -EFSCORRUPTED;
 		e = next;
 	}