[PATCH 6.4 097/800] reiserfs: Initialize sec->length in reiserfs_security_init().

Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> · Sun, 16 Jul 2023 21:39:10 +0200

From: Tetsuo Handa <penguin-kernel@xxxxxxxxxxxxxxxxxxx>

[ Upstream commit d031f4e8b493df299123fbb4ec13db870584ed28 ]

syzbot is reporting that sec->length is not initialized.

Since security_inode_init_security() returns 0 when initxattrs is provided
but call_int_hook(inode_init_security) returned -EOPNOTSUPP, control will
reach to "if (sec->length && ...) {" without initializing sec->length.

Reported-by: syzbot <syzbot+00a3779539a23cbee38c@xxxxxxxxxxxxxxxxxxxxxxxxx>
Closes: https://syzkaller.appspot.com/bug?extid=00a3779539a23cbee38c
Signed-off-by: Tetsuo Handa <penguin-kernel@xxxxxxxxxxxxxxxxxxx>
Fixes: 52ca4b6435a4 ("reiserfs: Switch to security_inode_init_security()")
Signed-off-by: Paul Moore <paul@xxxxxxxxxxxxxx>
Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>
---
 fs/reiserfs/xattr_security.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/fs/reiserfs/xattr_security.c b/fs/reiserfs/xattr_security.c
index 6e0a099dd7886..078dd8cc312fc 100644
--- a/fs/reiserfs/xattr_security.c
+++ b/fs/reiserfs/xattr_security.c
@@ -67,6 +67,7 @@ int reiserfs_security_init(struct inode *dir, struct inode *inode,
 
 	sec->name = NULL;
 	sec->value = NULL;
+	sec->length = 0;
 
 	/* Don't add selinux attributes on xattrs - they'll never get used */
 	if (IS_PRIVATE(dir))
-- 
2.39.2









