jffs2: Add missing capability check for listing trusted xattrs

Andreas Gruenbacher · Al Viro · commit bf781714b3e1 · 2015-11-13T20:34:30.000-05:00
The vfs checks if a task has the appropriate access for get and set
operations, but it cannot do that for the list operation; the file system
must check for that itself.

Signed-off-by: Andreas Gruenbacher &lt;agruenba@redhat.com&gt;
Reviewed-by: Christoph Hellwig &lt;hch@lst.de&gt;
Cc: David Woodhouse &lt;dwmw2@infradead.org&gt;
Cc: linux-mtd@lists.infradead.org
Signed-off-by: Al Viro &lt;viro@zeniv.linux.org.uk&gt;
diff --git a/fs/jffs2/xattr_trusted.c b/fs/jffs2/xattr_trusted.c
@@ -39,6 +39,9 @@ static size_t jffs2_trusted_listxattr(struct dentry *dentry, char *list,
 {
 	size_t retlen = XATTR_TRUSTED_PREFIX_LEN + name_len + 1;
 
+	if (!capable(CAP_SYS_ADMIN))
+		return 0;
+
 	if (list && retlen<=list_size) {
 		strcpy(list, XATTR_TRUSTED_PREFIX);
 		strcpy(list + XATTR_TRUSTED_PREFIX_LEN, name);

Original file line number	Diff line number	Diff line change
`@@ -39,6 +39,9 @@ static size_t jffs2_trusted_listxattr(struct dentry dentry, char list,`
`39`	`39`	`{`
`40`	`40`	`size_t retlen = XATTR_TRUSTED_PREFIX_LEN + name_len + 1;`
`41`	`41`
	`42`	`+ if (!capable(CAP_SYS_ADMIN))`
	`43`	`+ return 0;`
	`44`	`+`
`42`	`45`	`if (list && retlen<=list_size) {`
`43`	`46`	`strcpy(list, XATTR_TRUSTED_PREFIX);`
`44`	`47`	`strcpy(list + XATTR_TRUSTED_PREFIX_LEN, name);`