This is a dynamically sized ioctl so we need to check the user-provided
parameter for the actual length.
Signed-off-by: Chirantan Ekbote <chirantan@xxxxxxxxxxxx>
---
fs/fuse/file.c | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
diff --git a/fs/fuse/file.c b/fs/fuse/file.c
index c03034e8c1529..1627c14e9dacc 100644
--- a/fs/fuse/file.c
+++ b/fs/fuse/file.c
@@ -19,6 +19,7 @@
#include <linux/falloc.h>
#include <linux/uio.h>
#include <linux/fs.h>
+#include <linux/fscrypt.h>
static struct page **fuse_pages_alloc(unsigned int npages, gfp_t flags,
struct fuse_page_desc **desc)
@@ -2808,6 +2809,21 @@ long fuse_do_ioctl(struct file *file, unsigned int cmd, unsigned long arg,
case FS_IOC_SETFLAGS:
iov->iov_len = sizeof(int);
break;
+ case FS_IOC_GET_ENCRYPTION_POLICY_EX: {
+ struct fscrypt_get_policy_ex_arg policy;
+ unsigned long size_ptr =
+ arg + offsetof(struct fscrypt_get_policy_ex_arg,
+ policy_size);
+
+ if (copy_from_user(&policy.policy_size,
+ (void __user *)size_ptr,
+ sizeof(policy.policy_size)))
+ return -EFAULT;
+
+ iov->iov_len =
+ sizeof(policy.policy_size) + policy.policy_size;
+ break;
+ }
default:
iov->iov_len = _IOC_SIZE(cmd);
break;
--
2.29.2.576.ga3fc446d84-goog
