Received: by 2002:ac0:a5a6:0:0:0:0:0 with SMTP id m35-v6csp1826555imm;
        Mon, 3 Sep 2018 10:26:23 -0700 (PDT)
X-Google-Smtp-Source: ANB0Vdb2tj0ZP448enzALOETnlR0m68MUKEwL11/+2xflwj4nS2KO8rb+aSM5bOzLlEToZaO6Dx9
X-Received: by 2002:a62:f909:: with SMTP id o9-v6mr30392144pfh.141.1535995583428;
        Mon, 03 Sep 2018 10:26:23 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1535995583; cv=none;
        d=google.com; s=arc-20160816;
        b=p9GUhsgFv8i9Yg/bmdq+z/FfLByaAHpsis8ehFciop+u5tKyzY6GlwfjnOH8ifBqwJ
         yiMgoOnpkfkWYBrSxxPIVGIA8eArZDLbDhWeIYs8GgZNdvywggaKVAd52u2FUYhLVRjf
         UPnhGg7kDizfvQlvjb330GTP8VjjZgUK+6ulZVCSCAo95EEokcDkGC5gbzOTJZF/FETA
         JPAF2LTl9kVn48nCNPs98Ux0D7pc4VZAm+juR/mGpphaMIU/TPUPNoj2fSh+YbJSGhAY
         HMeqo6U0T3uUW6iEZxhe7d/IOI2/Cncc5BRCZy1GcEAdArURC4ZZ9L7fYecvNeCv8ua5
         8w7g==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:mime-version:user-agent:references
         :in-reply-to:message-id:date:subject:cc:to:from
         :arc-authentication-results;
        bh=mnjmwEBOUSHC+ZD8HjUpX64Xi7Ux+a4WlSxqxS7vnro=;
        b=p6+gQr1wrADke0A9osjeeo8PvT6D2J9zq24V1kB272a4PtaPS/cNOb5VFpAnHiGy8Z
         AnE9cGQ/pcF1kWKFTv78DQ7g5MDPEsw67Hy/bzPzSoTmXow3+AOhUOtxDPXJFwpd4Y7u
         RkYp+zlw4xvdv2i4YLIuPeasa+lySpLzkvH0/IbGEtkDaRntoRrIlabb21iTtRWqCH0i
         nbyJEIYJ1FyK6yGUo0l6S+HK2sRkCj0NwPd9z9Ad6hAy89oSloWjXw8SYplW5IaOcrmP
         1W61tCsXOkCAF8FHijGcrxhZ1F6pPfrDbDXw3gLfzWbVuR4AgsDtgMHHTC/lYm+MvIrG
         Sejg==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id d7-v6si17696110pll.162.2018.09.03.10.26.07;
        Mon, 03 Sep 2018 10:26:23 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1730525AbeICVpc (ORCPT <rfc822;tanxianhu@gmail.com> + 99 others);
        Mon, 3 Sep 2018 17:45:32 -0400
Received: from mail.linuxfoundation.org ([140.211.169.12]:45518 "EHLO
        mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1729531AbeICVpa (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 3 Sep 2018 17:45:30 -0400
Received: from localhost (ip-213-127-74-90.ip.prioritytelecom.net [213.127.74.90])
        by mail.linuxfoundation.org (Postfix) with ESMTPSA id 12162D2F;
        Mon,  3 Sep 2018 17:24:23 +0000 (UTC)
From:   Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To:     linux-kernel@vger.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org, Wen Xu <wen.xu@gatech.edu>,
        Theodore Tso <tytso@mit.edu>
Subject: [PATCH 4.14 105/165] ext4: check for NUL characters in extended attributes name
Date:   Mon,  3 Sep 2018 18:56:31 +0200
Message-Id: <20180903165700.788970414@linuxfoundation.org>
X-Mailer: git-send-email 2.18.0
In-Reply-To: <20180903165655.003605184@linuxfoundation.org>
References: <20180903165655.003605184@linuxfoundation.org>
User-Agent: quilt/0.65
X-stable: review
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

4.14-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Theodore Ts'o <tytso@mit.edu>

commit 7d95178c77014dbd8dce36ee40bbbc5e6c121ff5 upstream.

Extended attribute names are defined to be NUL-terminated, so the name
must not contain a NUL character.  This is important because there are
places when remove extended attribute, the code uses strlen to
determine the length of the entry.  That should probably be fixed at
some point, but code is currently really messy, so the simplest fix
for now is to simply validate that the extended attributes are sane.

https://bugzilla.kernel.org/show_bug.cgi?id=200401

Reported-by: Wen Xu <wen.xu@gatech.edu>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

---
 fs/ext4/xattr.c |    2 ++
 1 file changed, 2 insertions(+)

--- a/fs/ext4/xattr.c
+++ b/fs/ext4/xattr.c
@@ -189,6 +189,8 @@ ext4_xattr_check_entries(struct ext4_xat
 		struct ext4_xattr_entry *next = EXT4_XATTR_NEXT(e);
 		if ((void *)next >= end)
 			return -EFSCORRUPTED;
+		if (strnlen(e->e_name, e->e_name_len) != e->e_name_len)
+			return -EFSCORRUPTED;
 		e = next;
 	}