This is a note to let you know that I've just added the patch titled
orangefs: fix bounds check for listxattr
to the 4.9-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
orangefs-fix-bounds-check-for-listxattr.patch
and it can be found in the queue-4.9 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
>From a956af337b9ff25822d9ce1a59c6ed0c09fc14b9 Mon Sep 17 00:00:00 2001
From: Martin Brandenburg <martin@xxxxxxxxxxxx>
Date: Tue, 25 Apr 2017 15:37:56 -0400
Subject: orangefs: fix bounds check for listxattr
From: Martin Brandenburg <martin@xxxxxxxxxxxx>
commit a956af337b9ff25822d9ce1a59c6ed0c09fc14b9 upstream.
Signed-off-by: Martin Brandenburg <martin@xxxxxxxxxxxx>
Signed-off-by: Mike Marshall <hubcap@xxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
fs/orangefs/xattr.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/fs/orangefs/xattr.c
+++ b/fs/orangefs/xattr.c
@@ -358,7 +358,7 @@ try_again:
returned_count = new_op->downcall.resp.listxattr.returned_count;
if (returned_count < 0 ||
- returned_count >= ORANGEFS_MAX_XATTR_LISTLEN) {
+ returned_count > ORANGEFS_MAX_XATTR_LISTLEN) {
gossip_err("%s: impossible value for returned_count:%d:\n",
__func__,
returned_count);
Patches currently in stable-queue which might be from martin@xxxxxxxxxxxx are
queue-4.9/orangefs-do-not-check-possibly-stale-size-on-truncate.patch
queue-4.9/orangefs-fix-bounds-check-for-listxattr.patch
queue-4.9/orangefs-clean-up-oversize-xattr-validation.patch
queue-4.9/orangefs-do-not-set-getattr_time-on-orangefs_lookup.patch