From: Steven Whitehouse <swhiteho@redhat.com>
Date: Mon, 24 May 2010 15:06:06 -0400
Subject: [fs] gfs2: fix permissions checking for setflags ioctl
Message-id: <1274713566.3158.98.camel@localhost.localdomain>
Patchwork-id: 25699
O-Subject: [RHEL5.6] GFS2: Fix permissions checking for setflags ioctl() (bz #595399)
Bugzilla: 595399
CVE: CVE-2010-1641
RH-Acked-by: Robert S Peterson <rpeterso@redhat.com>
RH-Acked-by: Eugene Teo <eugene@redhat.com>

This is the RHEL5 version of the patch. It's identical to the upstream/RHEL6 version modulo the change in the file name. This fixes bz #595339

Signed-off-by: Jarod Wilson <jarod@redhat.com>

diff --git a/fs/gfs2/ops_file.c b/fs/gfs2/ops_file.c index 2e684bf..46a484f 100644 --- a/fs/gfs2/ops_file.c +++ b/fs/gfs2/ops_file.c @@ -272,6 +272,11 @@ static int do_gfs2_set_flags(struct file *filp, u32 reqflags, u32 mask) if (error) return error; + error = -EACCES; + if (!is_owner_or_cap(inode)) + goto out; + + error = 0; flags = ip->i_diskflags; new_flags = (flags & ~mask) | (reqflags & mask); if ((new_flags ^ flags) == 0) @@ -327,8 +332,10 @@ static int gfs2_set_flags(struct file *filp, u32 __user *ptr) { struct inode *inode = filp->f_dentry->d_inode; u32 fsflags, gfsflags; + if (get_user(fsflags, ptr)) return -EFAULT; + gfsflags = fsflags_cvt(fsflags_to_gfs2, fsflags); if (!S_ISDIR(inode->i_mode)) { if (gfsflags & GFS2_DIF_INHERIT_JDATA)
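
Review bot: In the first hunk (do_gfs2_set_flags), the success path depends on the manual `error = 0;` reset that follows the new check, because `error = -EACCES;` is assigned before `is_owner_or_cap(inode)` is tested; setting the error inside the branch, as in `if (!is_owner_or_cap(inode)) { error = -EACCES; goto out; }`, removes that dependency for the later `goto out` paths. The check also leaves through `out` rather than returning directly like the `if (error) return error;` just above it, so confirm that the `out` label, which is not visible in this hunk, undoes whatever that earlier step set up. A one-line comment stating that only the inode owner or a suitably capable caller may change these flags would document why the check is there.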
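
Review bot: The two blank lines added around `if (get_user(fsflags, ptr))` in gfs2_set_flags are whitespace-only and unrelated to the permission check, which makes the CVE fix harder to audit as a minimal change. Either drop them from this backport or say in the commit message that they are kept to stay identical to the upstream version, so that a reader knows the security-relevant change is confined to do_gfs2_set_flags.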