On 09/03/2018 07:58 PM, Jan Kara wrote:
On Sun 02-09-18 23:31:00, Chengguang Xu wrote:
In the case ACL_USER and ACL_GROUP we check if value has exceeded end,
add same check in the case ACL_OTHER as well.
Signed-off-by: Chengguang Xu <cgxu519@xxxxxxx>
---
fs/ext2/acl.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/fs/ext2/acl.c b/fs/ext2/acl.c
index 224c04abb2e5..3082d93f1cb1 100644
--- a/fs/ext2/acl.c
+++ b/fs/ext2/acl.c
@@ -53,6 +53,8 @@ ext2_acl_from_disk(const void *value, size_t size)
case ACL_OTHER:
value = (char *)value +
sizeof(ext2_acl_entry_short);
+ if ((char *)value > end)
+ goto fail;
This is not needed. This condition is already checked 10 lines above...
Ah, you are right, I just missed that...
Thanks,
