diff options
| -rw-r--r-- | fs/jfs/xattr.c | 15 |
1 files changed, 14 insertions, 1 deletions
diff --git a/fs/jfs/xattr.c b/fs/jfs/xattr.c index 5324e4e2b992..3bd5ee45f7b3 100644 --- a/fs/jfs/xattr.c +++ b/fs/jfs/xattr.c | |||
| @@ -791,6 +791,19 @@ int __jfs_setxattr(tid_t tid, struct inode *inode, const char *name, | |||
| 791 | /* Completely new ea list */ | 791 | /* Completely new ea list */ |
| 792 | xattr_size = sizeof (struct jfs_ea_list); | 792 | xattr_size = sizeof (struct jfs_ea_list); |
| 793 | 793 | ||
| 794 | /* | ||
| 795 | * The size of EA value is limitted by on-disk format up to | ||
| 796 | * __le16, there would be an overflow if the size is equal | ||
| 797 | * to XATTR_SIZE_MAX (65536). In order to avoid this issue, | ||
| 798 | * we can pre-checkup the value size against USHRT_MAX, and | ||
| 799 | * return -E2BIG in this case, which is consistent with the | ||
| 800 | * VFS setxattr interface. | ||
| 801 | */ | ||
| 802 | if (value_len >= USHRT_MAX) { | ||
| 803 | rc = -E2BIG; | ||
| 804 | goto release; | ||
| 805 | } | ||
| 806 | |||
| 794 | ea = (struct jfs_ea *) ((char *) ealist + xattr_size); | 807 | ea = (struct jfs_ea *) ((char *) ealist + xattr_size); |
| 795 | ea->flag = 0; | 808 | ea->flag = 0; |
| 796 | ea->namelen = namelen; | 809 | ea->namelen = namelen; |
| @@ -805,7 +818,7 @@ int __jfs_setxattr(tid_t tid, struct inode *inode, const char *name, | |||
| 805 | /* DEBUG - If we did this right, these number match */ | 818 | /* DEBUG - If we did this right, these number match */ |
| 806 | if (xattr_size != new_size) { | 819 | if (xattr_size != new_size) { |
| 807 | printk(KERN_ERR | 820 | printk(KERN_ERR |
| 808 | "jfs_xsetattr: xattr_size = %d, new_size = %d\n", | 821 | "__jfs_setxattr: xattr_size = %d, new_size = %d\n", |
| 809 | xattr_size, new_size); | 822 | xattr_size, new_size); |
| 810 | 823 | ||
| 811 | rc = -EINVAL; | 824 | rc = -EINVAL; |