fuse: limit xattr returned size

Don't let userspace filesystem give bogus values for the size of xattr and
xattr list.

Signed-off-by: Miklos Szeredi <mszeredi@redhat.com>

diff --git a/fs/fuse/xattr.c b/fs/fuse/xattr.c
index 04b097f..3caac46 100644 (file)
--- a/fs/fuse/xattr.c
+++ b/fs/fuse/xattr.c
@@ -79,7 +79,7 @@ ssize_t fuse_getxattr(struct inode *inode, const char *name, void *value,
        }
        ret = fuse_simple_request(fc, &args);
        if (!ret && !size)
-               ret = outarg.size;
+               ret = min_t(ssize_t, outarg.size, XATTR_SIZE_MAX);
        if (ret == -ENOSYS) {
                fc->no_getxattr = 1;
                ret = -EOPNOTSUPP;
@@ -138,7 +138,7 @@ ssize_t fuse_listxattr(struct dentry *entry, char *list, size_t size)
        }
        ret = fuse_simple_request(fc, &args);
        if (!ret && !size)
-               ret = outarg.size;
+               ret = min_t(ssize_t, outarg.size, XATTR_LIST_MAX);
        if (ret > 0 && size)
                ret = fuse_verify_xattr_list(list, ret);
        if (ret == -ENOSYS) {