From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Wen Xu, Theodore Tso
Subject: [PATCH 4.18 041/123] ext4: check for NUL characters in extended attributes name
Date: Mon, 3 Sep 2018 18:56:25 +0200
Message-Id: <20180903165721.208980846@linuxfoundation.org>
In-Reply-To: <20180903165719.499675257@linuxfoundation.org>

4.18-stable review patch. If anyone has any objections, please let me know.

------------------

From: Theodore Ts'o

commit 7d95178c77014dbd8dce36ee40bbbc5e6c121ff5 upstream.

Extended attribute names are defined to be NUL-terminated, so the name must not contain a NUL character. This is important because there are places where, when removing an extended attribute, the code uses strlen to determine the length of the entry. That should probably be fixed at some point, but code is currently really messy, so the simplest fix for now is to simply validate that the extended attributes are sane.

https://bugzilla.kernel.org/show_bug.cgi?id=200401

Reported-by: Wen Xu
Signed-off-by: Theodore Ts'o
Cc: stable@vger.kernel.org
Signed-off-by: Greg Kroah-Hartman

--- fs/ext4/xattr.c | 2 ++ 1 file changed, 2 insertions(+) --- a/fs/ext4/xattr.c +++ b/fs/ext4/xattr.c @@ -190,6 +190,8 @@ ext4_xattr_check_entries(struct ext4_xat struct ext4_xattr_entry *next = EXT4_XATTR_NEXT(e); if ((void *)next >= end) return -EFSCORRUPTED; + if (strnlen(e->e_name, e->e_name_len) != e->e_name_len) + return -EFSCORRUPTED; e = next; }
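
Review bot: The added strnlen() test in ext4_xattr_check_entries() carries no comment, and its placement directly after the `(void *)next >= end` check looks deliberate, since the name scan reads e_name_len bytes from e->e_name. A one-line comment above `if (strnlen(e->e_name, e->e_name_len) != e->e_name_len)` saying that names must not contain an embedded NUL because the removal path still measures entries with strlen, and that the scan has to stay after the bounds check, would keep a later reorder from putting the read ahead of the check. The commit message also says the strlen users are left unfixed for now; noting that in the same comment would make it clear this validation is the only guard until those callers are converted to use e_name_len. Both failures return -EFSCORRUPTED, so a caller cannot tell an out-of-bounds entry from a name with an embedded NUL; if that distinction matters for diagnosing a corrupted image, it would need a separate message at this point.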