xfs: underflow bug in xfs_attrlist_by_handle()
If we allocate less than sizeof(struct attrlist) then we end up corrupting memory or doing a ZERO_PTR_SIZE dereference. This can only be triggered with CAP_SYS_ADMIN. Reported-by: NNico Golde <nico@ngolde.de> Reported-by: NFabian Yamaguchi <fabs@goesec.de> Signed-off-by: NDan Carpenter <dan.carpenter@oracle.com> Reviewed-by: NDave Chinner <dchinner@redhat.com> Signed-off-by: NBen Myers <bpm@sgi.com> (cherry picked from commit 071c529e)
Showing
想要评论请 注册 或 登录