Home Explore Help
Sign In
GfA
/
linux_kernel
5
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

xfs: bulletfproof xfs_qm_scall_trunc_qfiles()

Coverity noticed that if we sent junk into
xfs_qm_scall_trunc_qfiles(), we could get back an
uninitialized error value.  So sanitize the flags we
will accept, and initialize error anyway for good measure.

(This bug may have been introduced via c61a9e39).

Should resolve Coverity CID 1163872.

Signed-off-by: Eric Sandeen <sandeen@redhat.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Jie Liu <jeff.liu@oracle.com>
Signed-off-by: Dave Chinner <david@fromorbit.com>
Eric Sandeen 11 years ago
parent
9da93f9b7c
commit
f58522c5a4
1 changed files with 3 additions and 2 deletions
Unified View Show Diff Stats
  1. 3 2
      fs/xfs/xfs_qm_syscalls.c

+ 3 - 2
fs/xfs/xfs_qm_syscalls.c
View File 

@@ -278,9 +278,10 @@ xfs_qm_scall_trunc_qfiles(
 
 	xfs_mount_t	*mp,
 
 	xfs_mount_t	*mp,
 
 	uint		flags)
 
 	uint		flags)
 
 {
 
 {
 
-	int		error;
 
+	int		error = EINVAL;
 
 
 
-	if (!xfs_sb_version_hasquota(&mp->m_sb) || flags == 0) {
 
+	if (!xfs_sb_version_hasquota(&mp->m_sb) || flags == 0 ||
 
+	    (flags & ~XFS_DQ_ALLTYPES)) {
 
 		xfs_debug(mp, "%s: flags=%x m_qflags=%x",
 
 		xfs_debug(mp, "%s: flags=%x m_qflags=%x",
 
 			__func__, flags, mp->m_qflags);
 
 			__func__, flags, mp->m_qflags);
 
 		return XFS_ERROR(EINVAL);
 
 		return XFS_ERROR(EINVAL);