diff options
| author | Xi Wang <xi.wang@gmail.com> | 2011-12-12 21:55:52 +0000 |
|---|---|---|
| committer | Markus Lehtonen <markus.lehtonen@linux.intel.com> | 2013-04-05 09:09:30 +0300 |
| commit | ed99ae3afcee212b8cb9ad21253ca88d176a876a (patch) | |
| tree | cd731fd5e92fbcd70859ce8f1265858cbc0f9236 | |
| parent | bdfb6a6acec08a50ca46bc585e8aa91d4078d258 (diff) | |
| download | kernel-mfld-blackbay-ed99ae3afcee212b8cb9ad21253ca88d176a876a.tar.gz kernel-mfld-blackbay-ed99ae3afcee212b8cb9ad21253ca88d176a876a.tar.bz2 kernel-mfld-blackbay-ed99ae3afcee212b8cb9ad21253ca88d176a876a.zip | |
xfs: fix acl count validation in xfs_acl_from_disk()
commit 093019cf1b18dd31b2c3b77acce4e000e2cbc9ce upstream.
Commit fa8b18ed didn't prevent the integer overflow and possible
memory corruption. "count" can go negative and bypass the check.
Signed-off-by: Xi Wang <xi.wang@gmail.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Ben Myers <bpm@sgi.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
| -rw-r--r-- | fs/xfs/linux-2.6/xfs_acl.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/fs/xfs/linux-2.6/xfs_acl.c b/fs/xfs/linux-2.6/xfs_acl.c index 4b9fb915d44..f86e0348786 100644 --- a/fs/xfs/linux-2.6/xfs_acl.c +++ b/fs/xfs/linux-2.6/xfs_acl.c @@ -39,7 +39,7 @@ xfs_acl_from_disk(struct xfs_acl *aclp) struct posix_acl_entry *acl_e; struct posix_acl *acl; struct xfs_acl_entry *ace; - int count, i; + unsigned int count, i; count = be32_to_cpu(aclp->acl_cnt); if (count > XFS_ACL_MAX_ENTRIES) |