X-Spam-Checker-Version: SpamAssassin 3.4.0-r929098 (2010-03-30) on oss.sgi.com
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham
	version=3.4.0-r929098
Received: from cuda.sgi.com (cuda2.sgi.com [192.48.176.25])
	by oss.sgi.com (8.14.3/8.14.3/SuSE Linux 0.8) with ESMTP id pAS8JQWb225223
	for <xfs@oss.sgi.com>; Mon, 28 Nov 2011 02:19:26 -0600
X-ASG-Debug-ID: 1322468365-1dd701ae0000-NocioJ
X-Barracuda-URL: http://cuda.sgi.com:80/cgi-bin/mark.cgi
Received: from bombadil.infradead.org (localhost [127.0.0.1])
	by cuda.sgi.com (Spam Firewall) with ESMTP id 2ACF04FADD6
	for <xfs@oss.sgi.com>; Mon, 28 Nov 2011 00:19:26 -0800 (PST)
Received: from bombadil.infradead.org (173-166-109-252-newengland.hfc.comcastbusiness.net [173.166.109.252]) by cuda.sgi.com with ESMTP id AZ8xDXEr7RvFFQlF for <xfs@oss.sgi.com>; Mon, 28 Nov 2011 00:19:26 -0800 (PST)
Received: from hch by bombadil.infradead.org with local (Exim 4.76 #1 (Red Hat Linux))
	id 1RUwQv-00077c-Ln
	for xfs@oss.sgi.com; Mon, 28 Nov 2011 08:19:25 +0000
Message-Id: <20111128081925.630748714@bombadil.infradead.org>
User-Agent: quilt/0.48-1
Date: Mon, 28 Nov 2011 03:17:34 -0500
From: Christoph Hellwig <hch@infradead.org>
To: xfs@oss.sgi.com
X-ASG-Orig-Subj: [PATCH 2/4] xfs: validate acl count
Subject: [PATCH 2/4] xfs: validate acl count
References: <20111128081732.350228200@bombadil.infradead.org>
Content-Disposition: inline; filename=xfs-validate-acls
X-SRS-Rewrite: SMTP reverse-path rewritten from <hch@infradead.org> by bombadil.infradead.org
	See http://www.infradead.org/rpr.html
X-Barracuda-Connect: 173-166-109-252-newengland.hfc.comcastbusiness.net[173.166.109.252]
X-Barracuda-Start-Time: 1322468366
X-Barracuda-Bayes: INNOCENT GLOBAL 0.0000 1.0000 -2.0210
X-Barracuda-Virus-Scanned: by cuda.sgi.com at sgi.com
X-Barracuda-Spam-Score: -1.42
X-Barracuda-Spam-Status: No, SCORE=-1.42 using per-user scores of TAG_LEVEL=2.0 QUARANTINE_LEVEL=1000.0 KILL_LEVEL=2.1 tests=BSF_SC5_MJ1963, RDNS_DYNAMIC
X-Barracuda-Spam-Report: Code version 3.2, rules version 3.2.2.81521
	Rule breakdown below
	 pts rule name              description
	---- ---------------------- --------------------------------------------------
	0.10 RDNS_DYNAMIC           Delivered to trusted network by host with
	                           dynamic-looking rDNS
	0.50 BSF_SC5_MJ1963         Custom Rule MJ1963
X-Virus-Scanned: ClamAV version 0.94.2, clamav-milter version 0.94.2 on oss.sgi.com
X-Virus-Status: Clean

This prevents in-memory corruption and possible panics if the on-disk
ACL is badly corrupted.

Signed-off-by: Christoph Hellwig <hch@lst.de>

Index: xfs/fs/xfs/xfs_acl.c
===================================================================
--- xfs.orig/fs/xfs/xfs_acl.c	2011-11-20 12:49:11.181244706 +0100
+++ xfs/fs/xfs/xfs_acl.c	2011-11-20 12:49:50.637697619 +0100
@@ -42,6 +42,8 @@ xfs_acl_from_disk(struct xfs_acl *aclp)
 	int count, i;
 
 	count = be32_to_cpu(aclp->acl_cnt);
+	if (count > XFS_ACL_MAX_ENTRIES)
+		return ERR_PTR(-EFSCORRUPTED);
 
 	acl = posix_acl_alloc(count, GFP_KERNEL);
 	if (!acl)