@@ -791,6 +791,19 @@ int __jfs_setxattr(tid_t tid, struct inode *inode, const char *name,
/* Completely new ea list */
xattr_size = sizeof (struct jfs_ea_list);
+ /*
+ * The size of EA value is limitted by on-disk format up to
+ * __le16, there would be an overflow if the size is equal
+ * to XATTR_SIZE_MAX (65536). In order to avoid this issue,
+ * we can pre-checkup the value size against USHRT_MAX, and
+ * return -E2BIG in this case, which is consistent with the
+ * VFS setxattr interface.
+ */
+ if (value_len >= USHRT_MAX) {
+ rc = -E2BIG;
+ goto release;
+ }
+
ea = (struct jfs_ea *) ((char *) ealist + xattr_size);
ea->flag = 0;
ea->namelen = namelen;
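Review bot: The new guard `if (value_len >= USHRT_MAX)` also rejects a value of exactly 65535 bytes, which a `__le16` length field can still represent; the comment above it only names 65536 (XATTR_SIZE_MAX) as the overflowing case. If 65535 is meant to be allowed, the test should read `if (value_len > USHRT_MAX) {`; if it is excluded on purpose, the comment should say why, since a silently truncated length here would leave the stored size smaller than the data written. The comment also has a typo, "limitted" for "limited", and "pre-checkup" reads better as "check". The `release` label and the rest of `__jfs_setxattr` are outside this hunk, so whether the error path frees everything acquired so far cannot be confirmed from here.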
@@ -805,7 +818,7 @@ int __jfs_setxattr(tid_t tid, struct inode *inode, const char *name,
/* DEBUG - If we did this right, these number match */
if (xattr_size != new_size) {
printk(KERN_ERR
- "jfs_xsetattr: xattr_size = %d, new_size = %d\n",
+ "__jfs_setxattr: xattr_size = %d, new_size = %d\n",
xattr_size, new_size);
rc = -EINVAL;