f2fs: add additional sanity check in f2fs_acl_from_disk()

Add additinal sanity check for irregular case(e.g. corruption).
If size of extended attribution is smaller than size of acl header,
then return -EINVAL.

Signed-off-by: Chengguang Xu <cgxu519@gmx.com>
Reviewed-by: Chao Yu <yuchao0@huawei.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>

diff --git a/fs/f2fs/acl.c b/fs/f2fs/acl.c
index 1118241..20caf34 100644 (file)
--- a/fs/f2fs/acl.c
+++ b/fs/f2fs/acl.c
@@ -53,6 +53,9 @@ static struct posix_acl *f2fs_acl_from_disk(const char *value, size_t size)
        struct f2fs_acl_entry *entry = (struct f2fs_acl_entry *)(hdr + 1);
        const char *end = value + size;
 
+       if (size < sizeof(struct f2fs_acl_header))
+               return ERR_PTR(-EINVAL);
+
        if (hdr->a_version != cpu_to_le32(F2FS_ACL_VERSION))
                return ERR_PTR(-EINVAL);