writer: Cap maximum size of *all* xattr names

I have a distinct change which tries to cap this in the dumpfile parser, but this is more accurate. Signed-off-by: Colin Walters <[email protected]>
cgwalters · Aug 26, 2024 · 35ca2a4 · 35ca2a4
1 parent 0cde542
commit 35ca2a4
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 1 deletion.
diff --git a/libcomposefs/lcfs-internal.h b/libcomposefs/lcfs-internal.h
@@ -161,6 +161,7 @@ struct lcfs_node_s {
 
 	struct lcfs_xattr_s *xattrs;
 	size_t n_xattrs;
+	size_t xattr_names_total; /* Must not exceeded XATTR_LIST_MAX */
 
 	bool digest_set;
 	uint8_t digest[LCFS_DIGEST_SIZE]; /* sha256 fs-verity digest */

diff --git a/libcomposefs/lcfs-writer.c b/libcomposefs/lcfs-writer.c
@@ -1576,6 +1576,8 @@ int lcfs_node_unset_xattr(struct lcfs_node_s *node, const char *name)
 		if (index != (ssize_t)node->n_xattrs - 1)
 			node->xattrs[index] = node->xattrs[node->n_xattrs - 1];
 		node->n_xattrs--;
+		node->xattr_names_total -= strlen(name);
+		assert(node->xattr_names_total >= 0);
 	}
 
 	return -1;
@@ -1587,7 +1589,8 @@ int lcfs_node_set_xattr(struct lcfs_node_s *node, const char *name,
 	struct lcfs_xattr_s *xattrs;
 	char *k, *v;
 
-	if (strlen(name) > XATTR_NAME_MAX) {
+	const size_t namelen = strlen(name);
+	if (namelen > XATTR_NAME_MAX) {
 		errno = ERANGE;
 		return -1;
 	}
@@ -1614,6 +1617,10 @@ int lcfs_node_set_xattr(struct lcfs_node_s *node, const char *name,
 		return 0;
 	}
 
+	if (node->xattr_names_total + namelen > XATTR_LIST_MAX) {
+		errno = ERANGE;
+		return -1;
+	}
 	if (node->n_xattrs == UINT16_MAX) {
 		errno = EINVAL;
 		return -1;
@@ -1640,6 +1647,7 @@ int lcfs_node_set_xattr(struct lcfs_node_s *node, const char *name,
 	xattrs[node->n_xattrs].value = v;
 	xattrs[node->n_xattrs].value_len = value_len;
 	node->n_xattrs++;
+	node->xattr_names_total += namelen;
 
 	return 0;
 }