Received: by 2002:ac0:a5a6:0:0:0:0:0 with SMTP id m35-v6csp1826555imm; Mon, 3 Sep 2018 10:26:23 -0700 (PDT) X-Google-Smtp-Source: ANB0Vdb2tj0ZP448enzALOETnlR0m68MUKEwL11/+2xflwj4nS2KO8rb+aSM5bOzLlEToZaO6Dx9 X-Received: by 2002:a62:f909:: with SMTP id o9-v6mr30392144pfh.141.1535995583428; Mon, 03 Sep 2018 10:26:23 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1535995583; cv=none; d=google.com; s=arc-20160816; b=p9GUhsgFv8i9Yg/bmdq+z/FfLByaAHpsis8ehFciop+u5tKyzY6GlwfjnOH8ifBqwJ yiMgoOnpkfkWYBrSxxPIVGIA8eArZDLbDhWeIYs8GgZNdvywggaKVAd52u2FUYhLVRjf UPnhGg7kDizfvQlvjb330GTP8VjjZgUK+6ulZVCSCAo95EEokcDkGC5gbzOTJZF/FETA JPAF2LTl9kVn48nCNPs98Ux0D7pc4VZAm+juR/mGpphaMIU/TPUPNoj2fSh+YbJSGhAY HMeqo6U0T3uUW6iEZxhe7d/IOI2/Cncc5BRCZy1GcEAdArURC4ZZ9L7fYecvNeCv8ua5 8w7g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:user-agent:references :in-reply-to:message-id:date:subject:cc:to:from :arc-authentication-results; bh=mnjmwEBOUSHC+ZD8HjUpX64Xi7Ux+a4WlSxqxS7vnro=; b=p6+gQr1wrADke0A9osjeeo8PvT6D2J9zq24V1kB272a4PtaPS/cNOb5VFpAnHiGy8Z AnE9cGQ/pcF1kWKFTv78DQ7g5MDPEsw67Hy/bzPzSoTmXow3+AOhUOtxDPXJFwpd4Y7u RkYp+zlw4xvdv2i4YLIuPeasa+lySpLzkvH0/IbGEtkDaRntoRrIlabb21iTtRWqCH0i nbyJEIYJ1FyK6yGUo0l6S+HK2sRkCj0NwPd9z9Ad6hAy89oSloWjXw8SYplW5IaOcrmP 1W61tCsXOkCAF8FHijGcrxhZ1F6pPfrDbDXw3gLfzWbVuR4AgsDtgMHHTC/lYm+MvIrG Sejg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id d7-v6si17696110pll.162.2018.09.03.10.26.07; Mon, 03 Sep 2018 10:26:23 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730525AbeICVpc (ORCPT + 99 others); Mon, 3 Sep 2018 17:45:32 -0400 Received: from mail.linuxfoundation.org ([140.211.169.12]:45518 "EHLO mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729531AbeICVpa (ORCPT ); Mon, 3 Sep 2018 17:45:30 -0400 Received: from localhost (ip-213-127-74-90.ip.prioritytelecom.net [213.127.74.90]) by mail.linuxfoundation.org (Postfix) with ESMTPSA id 12162D2F; Mon, 3 Sep 2018 17:24:23 +0000 (UTC) From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Wen Xu , Theodore Tso Subject: [PATCH 4.14 105/165] ext4: check for NUL characters in extended attributes name Date: Mon, 3 Sep 2018 18:56:31 +0200 Message-Id: <20180903165700.788970414@linuxfoundation.org> X-Mailer: git-send-email 2.18.0 In-Reply-To: <20180903165655.003605184@linuxfoundation.org> References: <20180903165655.003605184@linuxfoundation.org> User-Agent: quilt/0.65 X-stable: review MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 4.14-stable review patch. If anyone has any objections, please let me know. ------------------ From: Theodore Ts'o commit 7d95178c77014dbd8dce36ee40bbbc5e6c121ff5 upstream. Extended attribute names are defined to be NUL-terminated, so the name must not contain a NUL character. This is important because there are places when remove extended attribute, the code uses strlen to determine the length of the entry. That should probably be fixed at some point, but code is currently really messy, so the simplest fix for now is to simply validate that the extended attributes are sane. https://bugzilla.kernel.org/show_bug.cgi?id=200401 Reported-by: Wen Xu Signed-off-by: Theodore Ts'o Cc: stable@vger.kernel.org Signed-off-by: Greg Kroah-Hartman --- fs/ext4/xattr.c | 2 ++ 1 file changed, 2 insertions(+) --- a/fs/ext4/xattr.c +++ b/fs/ext4/xattr.c @@ -189,6 +189,8 @@ ext4_xattr_check_entries(struct ext4_xat struct ext4_xattr_entry *next = EXT4_XATTR_NEXT(e); if ((void *)next >= end) return -EFSCORRUPTED; + if (strnlen(e->e_name, e->e_name_len) != e->e_name_len) + return -EFSCORRUPTED; e = next; }