Skip to content

Commit

Permalink
vfs: Check attribute names in posix acl xattr handers
Browse files Browse the repository at this point in the history 
The get and set operations of the POSIX ACL xattr handlers failed to check
the attribute names, so all names with "system.posix_acl_access" or
"system.posix_acl_default" as a prefix were accepted.  Reject invalid names
from now on.

Signed-off-by: Andreas Gruenbacher <[email protected]>
Signed-off-by: Al Viro <[email protected]>
  • Loading branch information
Andreas Gruenbacher authored and Al Viro committed Nov 14, 2015
1 parent 7c7afc4 commit c361016
Showing 1 changed file with 4 additions and 0 deletions.
4 changes: 4 additions & 0 deletions fs/posix_acl.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -768,6 +768,8 @@ posix_acl_xattr_get(struct dentry *dentry, const char *name,
struct posix_acl *acl;
int error;

if (strcmp(name, "") != 0)
return -EINVAL;
if (!IS_POSIXACL(d_backing_inode(dentry)))
return -EOPNOTSUPP;
if (d_is_symlink(dentry))
Expand All @@ -793,6 +795,8 @@ posix_acl_xattr_set(struct dentry *dentry, const char *name,
struct posix_acl *acl = NULL;
int ret;

if (strcmp(name, "") != 0)
return -EINVAL;
if (!IS_POSIXACL(inode))
return -EOPNOTSUPP;
if (!inode->i_op->set_acl)
Expand Down

0 comments on commit c361016

Please sign in to comment.