git.ipfire.org Git - thirdparty/kernel/linux.git/commit

]> git.ipfire.org Git - thirdparty/kernel/linux.git/commit

projects / thirdparty / kernel / linux.git / commit

author	HyungJung Joo <jhj140711@gmail.com>
	Fri, 13 Mar 2026 06:34:44 +0000 (15:34 +0900)
committer	Mike Marshall <hubcap@omnibond.com>
	Tue, 7 Apr 2026 15:28:19 +0000 (11:28 -0400)
commit	092e0d0e964279feb9f43f81e8d1c52ef080d085
tree	20b7dfe812788387fa954af0c1b0284035486121	tree \| snapshot
parent	415e507cdefc510c01de8ab6644163327ee9a5d0	commit \| diff

orangefs: validate getxattr response length

orangefs_inode_getxattr() trusts the userspace-client-controlled
downcall.resp.getxattr.val_sz and uses it as a memcpy() length
both for the temporary user buffer and the cached xattr buffer.
Reject malformed negative or oversized lengths before copying
response bytes.

Reported-by: Hyungjung Joo <jhj140711@gmail.com>
Signed-off-by: HyungJung Joo <jhj140711@gmail.com>
Signed-off-by: Mike Marshall <hubcap@omnibond.com>

fs/orangefs/xattr.c

diff | blob | blame | history

A mirror of Linus' kernel repository

RSS Atom