diff options
Diffstat (limited to 'fs/fhandle.c')
| -rw-r--r-- | fs/fhandle.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/fs/fhandle.c b/fs/fhandle.c index 82df28d45cd7..218511f38cbb 100644 --- a/fs/fhandle.c +++ b/fs/fhandle.c @@ -307,6 +307,11 @@ static int handle_to_path(int mountdirfd, struct file_handle __user *ufh, retval = -EINVAL; goto out_path; } + if (f_handle.handle_type < 0 || + FILEID_USER_FLAGS(f_handle.handle_type) & ~FILEID_VALID_USER_FLAGS) { + retval = -EINVAL; + goto out_path; + } handle = kmalloc(struct_size(handle, f_handle, f_handle.handle_bytes), GFP_KERNEL); if (!handle) { @@ -322,6 +327,8 @@ static int handle_to_path(int mountdirfd, struct file_handle __user *ufh, goto out_handle; } + /* Filesystem code should not be exposed to user flags */ + handle->handle_type &= ~FILEID_USER_FLAGS_MASK; retval = do_handle_to_path(handle, path, &ctx); out_handle: |