From: Jan Kara jack@suse.cz
mainline inclusion from mainline-5.3-rc1 commit 8cd0f2ba787a1a1758dbe063fe6a26ceccd37c24 category: bugfix bugzilla: 174001 CVE: NA
-------------------------------------------------
There are two very similar loops when searching xattr to set. Just merge them.
Reviewed-by: Chengguang Xu cgxu519@zoho.com.cn Signed-off-by: Jan Kara jack@suse.cz Signed-off-by: Baokun Li libaokun1@huawei.com Reviewed-by: Zhang Yi yi.zhang@huawei.com Signed-off-by: Yang Yingliang yangyingliang@huawei.com --- fs/ext2/xattr.c | 41 +++++++++++++++++++---------------------- 1 file changed, 19 insertions(+), 22 deletions(-)
diff --git a/fs/ext2/xattr.c b/fs/ext2/xattr.c index 41988fb2fb8fc..0131afcf6a25e 100644 --- a/fs/ext2/xattr.c +++ b/fs/ext2/xattr.c @@ -426,28 +426,12 @@ bad_block: ext2_error(sb, "ext2_xattr_set", error = -EIO; goto cleanup; } - /* Find the named attribute. */ - here = FIRST_ENTRY(bh); - while (!IS_LAST_ENTRY(here)) { - struct ext2_xattr_entry *next = EXT2_XATTR_NEXT(here); - if ((char *)next >= end) - goto bad_block; - if (!here->e_value_block && here->e_value_size) { - size_t offs = le16_to_cpu(here->e_value_offs); - if (offs < min_offs) - min_offs = offs; - } - not_found = name_index - here->e_name_index; - if (!not_found) - not_found = name_len - here->e_name_len; - if (!not_found) - not_found = memcmp(name, here->e_name,name_len); - if (not_found <= 0) - break; - here = next; - } - last = here; - /* We still need to compute min_offs and last. */ + /* + * Find the named attribute. If not found, 'here' will point + * to entry where the new attribute should be inserted to + * maintain sorting. + */ + last = FIRST_ENTRY(bh); while (!IS_LAST_ENTRY(last)) { struct ext2_xattr_entry *next = EXT2_XATTR_NEXT(last); if ((char *)next >= end) @@ -457,8 +441,21 @@ bad_block: ext2_error(sb, "ext2_xattr_set", if (offs < min_offs) min_offs = offs; } + if (not_found > 0) { + not_found = name_index - last->e_name_index; + if (!not_found) + not_found = name_len - last->e_name_len; + if (!not_found) { + not_found = memcmp(name, last->e_name, + name_len); + } + if (not_found <= 0) + here = last; + } last = next; } + if (not_found > 0) + here = last;
/* Check whether we have enough space left. */ free = min_offs - ((char*)last - (char*)header) - sizeof(__u32);