| author | Keshav Verma <iganschel@gmail.com> | 2026-06-22 20:44:21 +0530 |
|---|---|---|
| committer | Jaegeuk Kim <jaegeuk@kernel.org> | 2026-06-22 19:55:27 +0000 |
| commit | 5ef5bc304f23c3fe255d4936472378dcb74d0e94 | |
| tree | b3df8a93ba973ec0b8ebb188c55ed4aee23b2d14 /fs | |
| parent | 34636c6dcd6f75570c553a4188b5dbe0f758159a | |

f2fs: fix listxattr handling of corrupted xattr entries

Validate the xattr entry before reading its fields in f2fs_listxattr().
Return -EFSCORRUPTED when the entry is outside the valid xattr storage
area instead of returning a successful partial result.

Fixes: 688078e7f36c ("f2fs: fix to avoid memory leakage in f2fs_listxattr")
Cc: stable@kernel.org
Reviewed-by: Chao Yu <chao@kernel.org>
Signed-off-by: Keshav Verma <iganschel@gmail.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>

Diffstat (limited to 'fs')
| -rw-r--r-- | fs/f2fs/xattr.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/fs/f2fs/xattr.c b/fs/f2fs/xattr.c index 24cef7e1f56a5..ed33e5110f2ab 100644 --- a/fs/f2fs/xattr.c +++ b/fs/f2fs/xattr.c @@ -583,8 +583,6 @@ ssize_t f2fs_listxattr(struct dentry *dentry, char *buffer, size_t buffer_size) size_t prefix_len; size_t size; - prefix = f2fs_xattr_prefix(entry->e_name_index, dentry); - if ((void *)(entry) + sizeof(__u32) > last_base_addr || (void *)XATTR_NEXT_ENTRY(entry) > last_base_addr) { f2fs_err(F2FS_I_SB(inode), "list inode (%llu) has corrupted xattr", @@ -594,9 +592,11 @@ ssize_t f2fs_listxattr(struct dentry *dentry, char *buffer, size_t buffer_size) ERROR_CORRUPTED_XATTR); fserror_report_file_metadata(inode, -EFSCORRUPTED, GFP_NOFS); - break; + error = -EFSCORRUPTED; + goto cleanup; } + prefix = f2fs_xattr_prefix(entry->e_name_index, dentry); if (!prefix) continue; |
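
Review bot: In the first hunk (@@ -583,8 +583,6), the bounds check that now leads the loop body has no comment saying that no `entry->` field may be read before it, which is exactly the ordering rule the removed `prefix = f2fs_xattr_prefix(entry->e_name_index, dentry);` line violated. A one-line comment above the `if ((void *)(entry) + sizeof(__u32) > last_base_addr || ...` test would document that the first clause must pass before `XATTR_NEXT_ENTRY(entry)` or any other field of the entry is evaluated, so that a later cleanup does not hoist a field read back above the check.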
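
Review bot: In the second hunk (@@ -594,9 +592,11), `error = -EFSCORRUPTED; goto cleanup;` is reached after earlier loop iterations may already have copied names into `buffer`, and the `cleanup` label is outside the visible context, so please confirm that nothing after that label overwrites `error` with the accumulated length. Since the old `break;` produced what the commit message calls a successful partial result and the patch is tagged `Cc: stable@kernel.org`, the commit message would also benefit from one sentence stating that callers now get an error for an inode whose earlier entries were previously listed.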
