From: Brian Foster <bfoster@redhat.com>
To: "Darrick J. Wong" <darrick.wong@oracle.com>
Cc: linux-xfs@vger.kernel.org
Subject: Re: [PATCH 2/4] xfs: namecheck attribute names before listing them
Date: Mon, 28 Oct 2019 14:18:57 -0400 [thread overview]
Message-ID: <20191028181857.GC26529@bfoster> (raw)
In-Reply-To: <157198049955.2873445.974102983711142585.stgit@magnolia>
On Thu, Oct 24, 2019 at 10:14:59PM -0700, Darrick J. Wong wrote:
> From: Darrick J. Wong <darrick.wong@oracle.com>
>
> Actually call namecheck on attribute names before we hand them over to
> userspace.
>
> Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
> ---
> fs/xfs/libxfs/xfs_attr_leaf.h | 4 ++--
> fs/xfs/xfs_attr_list.c | 40 ++++++++++++++++++++++++++++++++--------
> 2 files changed, 34 insertions(+), 10 deletions(-)
>
>
...
> diff --git a/fs/xfs/xfs_attr_list.c b/fs/xfs/xfs_attr_list.c
> index 00758fdc2fec..3a1158a1347d 100644
> --- a/fs/xfs/xfs_attr_list.c
> +++ b/fs/xfs/xfs_attr_list.c
...
> @@ -174,6 +179,11 @@ xfs_attr_shortform_list(xfs_attr_list_context_t *context)
> cursor->hashval = sbp->hash;
> cursor->offset = 0;
> }
> + if (!xfs_attr_namecheck(sbp->name, sbp->namelen)) {
> + XFS_ERROR_REPORT(__func__, XFS_ERRLEVEL_LOW,
> + context->dp->i_mount);
> + return -EFSCORRUPTED;
> + }
It looks like we still need to handle freeing sbuf in this path.
> context->put_listent(context,
> sbp->flags,
> sbp->name,
...
> @@ -557,6 +574,13 @@ xfs_attr_put_listent(
> ASSERT(context->firstu >= sizeof(*alist));
> ASSERT(context->firstu <= context->bufsize);
>
> + if (!xfs_attr_namecheck(name, namelen)) {
> + XFS_ERROR_REPORT(__func__, XFS_ERRLEVEL_LOW,
> + context->dp->i_mount);
> + context->seen_enough = -EFSCORRUPTED;
> + return;
> + }
> +
Any reason we call this here and the ->put_listent() callers?
Brian
> /*
> * Only list entries in the right namespace.
> */
>
next prev parent reply other threads:[~2019-10-28 18:19 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-10-25 5:14 [PATCH 0/4] xfs: more metadata verifier tightening Darrick J. Wong
2019-10-25 5:14 ` [PATCH 1/4] xfs: check attribute leaf block structure Darrick J. Wong
2019-10-28 18:18 ` Brian Foster
2019-10-28 18:27 ` Darrick J. Wong
2019-10-25 5:14 ` [PATCH 2/4] xfs: namecheck attribute names before listing them Darrick J. Wong
2019-10-28 18:18 ` Brian Foster [this message]
2019-10-28 18:22 ` Darrick J. Wong
2019-10-25 5:15 ` [PATCH 3/4] xfs: namecheck directory entry " Darrick J. Wong
2019-10-25 12:56 ` Christoph Hellwig
2019-10-25 16:04 ` Darrick J. Wong
2019-10-29 7:16 ` Christoph Hellwig
2019-10-29 16:23 ` Darrick J. Wong
2019-10-30 21:32 ` Christoph Hellwig
2019-10-30 22:18 ` Darrick J. Wong
2019-10-28 18:19 ` Brian Foster
2019-10-28 18:23 ` Darrick J. Wong
2019-10-25 5:15 ` [PATCH 4/4] xfs: replace -EIO with -EFSCORRUPTED for corrupt metadata Darrick J. Wong
2019-10-25 12:54 ` Christoph Hellwig
2019-10-28 18:19 ` Brian Foster
2019-10-29 4:03 [PATCH v2 0/4] xfs: more metadata verifier tightening Darrick J. Wong
2019-10-29 4:03 ` [PATCH 2/4] xfs: namecheck attribute names before listing them Darrick J. Wong
2019-10-29 10:03 ` Brian Foster
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20191028181857.GC26529@bfoster \
--to=bfoster@redhat.com \
--cc=darrick.wong@oracle.com \
--cc=linux-xfs@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).