[PATCH] debugfs: fix check for out-of-bound xattr value

[Andreas Dilger <andreas.dilger@xxxxxxxxx>]

Since commit v1.42.12-1-g8a546777119c, the check for in-inode
xattrs in internal_dump_inode_extra() has been incorrectly checking
the value size.  The value can go right to the end of the inode.

Signed-off-by: Andreas Dilger <andreas.dilger@xxxxxxxxx>
---
 debugfs/debugfs.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/debugfs/debugfs.c b/debugfs/debugfs.c
index 260698c..329451c 100644
--- a/debugfs/debugfs.c
+++ b/debugfs/debugfs.c
@@ -557,9 +557,11 @@ static void internal_dump_inode_extra(FILE *out,
 			char *value = start + entry->e_value_offs;
 
 			if (name + entry->e_name_len >= end ||
-			    value + entry->e_value_size >= end ||
-			    (char *) next >= end) {
-				fprintf(out, "invalid EA entry in inode\n");
+			    value + entry->e_value_size > end ||
+			    (char *)next >= end) {
+				fprintf(out, "invalid EA entry in inode: "
+					"name_len=%u value_size=%u\n",
+					entry->e_name_len, entry->e_value_size);
 				return;
 			}
 			fprintf(out, "  ");
-- 
2.4.5

--
To unsubscribe from this list: send the line "unsubscribe linux-ext4" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html