fs: quota: fix array-index-out-of-bounds bug by passing correct argument to vfs_cleanup_quota_inode() - kernel/linux.git

diff options

author	Anant Thazhemadam <anant.thazhemadam@gmail.com>	2020-12-08 22:43:38 +0300
committer	Jan Kara <jack@suse.cz>	2020-12-09 12:07:10 +0300
commit	e51d68e76d604c6d5d1eb13ae1d6da7f6c8c0dfc (patch)
tree	8d3c159148dcecc3d40220974f586b3f82e8d4b0 /crypto/lz4hc.c
parent	d24396c5290ba8ab04ba505176874c4e04a2d53c (diff)
download	linux-e51d68e76d604c6d5d1eb13ae1d6da7f6c8c0dfc.tar.xz

fs: quota: fix array-index-out-of-bounds bug by passing correct argument to vfs_cleanup_quota_inode()

When dquot_resume() was last updated, the argument that got passed to vfs_cleanup_quota_inode was incorrectly set. If type = -1 and dquot_load_quota_sb() returns a negative value, then vfs_cleanup_quota_inode() gets called with -1 passed as an argument, and this leads to an array-index-out-of-bounds bug. Fix this issue by correctly passing the arguments. Fixes: ae45f07d47cc ("quota: Simplify dquot_resume()") Link: https://lore.kernel.org/r/20201208194338.7064-1-anant.thazhemadam@gmail.com Reported-by: syzbot+2643e825238d7aabb37f@syzkaller.appspotmail.com Tested-by: syzbot+2643e825238d7aabb37f@syzkaller.appspotmail.com CC: stable@vger.kernel.org Signed-off-by: Anant Thazhemadam <anant.thazhemadam@gmail.com> Signed-off-by: Jan Kara <jack@suse.cz>

Diffstat (limited to 'crypto/lz4hc.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: