From: Tetsuo Handa penguin-kernel@I-love.SAKURA.ne.jp
[ Upstream commit d031f4e8b493df299123fbb4ec13db870584ed28 ]
syzbot is reporting that sec->length is not initialized.
Since security_inode_init_security() returns 0 when initxattrs is provided but call_int_hook(inode_init_security) returned -EOPNOTSUPP, control will reach to "if (sec->length && ...) {" without initializing sec->length.
Reported-by: syzbot syzbot+00a3779539a23cbee38c@syzkaller.appspotmail.com Closes: https://syzkaller.appspot.com/bug?extid=00a3779539a23cbee38c Signed-off-by: Tetsuo Handa penguin-kernel@I-love.SAKURA.ne.jp Fixes: 52ca4b6435a4 ("reiserfs: Switch to security_inode_init_security()") Signed-off-by: Paul Moore paul@paul-moore.com Signed-off-by: Sasha Levin sashal@kernel.org --- fs/reiserfs/xattr_security.c | 1 + 1 file changed, 1 insertion(+)
diff --git a/fs/reiserfs/xattr_security.c b/fs/reiserfs/xattr_security.c index 6e0a099dd7886..078dd8cc312fc 100644 --- a/fs/reiserfs/xattr_security.c +++ b/fs/reiserfs/xattr_security.c @@ -67,6 +67,7 @@ int reiserfs_security_init(struct inode *dir, struct inode *inode,
sec->name = NULL; sec->value = NULL; + sec->length = 0;
/* Don't add selinux attributes on xattrs - they'll never get used */ if (IS_PRIVATE(dir))