From: Christoph Hellwig <hch@lst.de>
Date: Mon, 11 May 2020 19:00:18 +0000 (-0400)
Subject: db: validate name and namelen in attr_set_f and attr_remove_f
X-Git-Tag: xfsprogs-5.7-fixes_2020-06-25~16
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=38cff22d176af7af77b24ea0ee1b0f68724eb53b;p=thirdparty%2Fxfsprogs-dev.git

db: validate name and namelen in attr_set_f and attr_remove_f

libxfs has stopped validating these parameters internally, so do it
in the xfs_db commands.

Signed-off-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Darrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: Eric Sandeen <sandeen@sandeen.net>
---

diff --git a/db/attrset.c b/db/attrset.c
index 0a464983d..e35752711 100644
--- a/db/attrset.c
+++ b/db/attrset.c
@@ -130,7 +130,16 @@ attr_set_f(
 	}
 
 	args.name = (const unsigned char *)argv[optind];
+	if (!args.name) {
+		dbprintf(_("invalid name\n"));
+		return 0;
+	}
+
 	args.namelen = strlen(argv[optind]);
+	if (args.namelen >= MAXNAMELEN) {
+		dbprintf(_("name too long\n"));
+		return 0;
+	}
 
 	if (args.valuelen) {
 		args.value = memalign(getpagesize(), args.valuelen);
@@ -216,7 +225,16 @@ attr_remove_f(
 	}
 
 	args.name = (const unsigned char *)argv[optind];
+	if (!args.name) {
+		dbprintf(_("invalid name\n"));
+		return 0;
+	}
+
 	args.namelen = strlen(argv[optind]);
+	if (args.namelen >= MAXNAMELEN) {
+		dbprintf(_("name too long\n"));
+		return 0;
+	}
 
 	if (libxfs_iget(mp, NULL, iocur_top->ino, 0, &args.dp,
 			&xfs_default_ifork_ops)) {