libext2fs: strengthen i_extra_isize checks when reading/writing xattrs

Strengthen the i_extra_isize checks to look for obviously too-small
values before trying to operate on inode EAs.

Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Signed-off-by: Theodore Ts'o <tytso@mit.edu>

lib/ext2fs/ext_attr.c

@@ -536,8 +536,9 @@ errcode_t ext2fs_xattrs_write(struct ext2_xattr_handle *handle)
 	x = handle->attrs;
 	qsort(x, handle->length, sizeof(struct ext2_xattr), attr_compare);
 
-	/* Does the inode have size for EA? */
-	if (EXT2_INODE_SIZE(handle->fs->super) <= EXT2_GOOD_OLD_INODE_SIZE +
+	/* Does the inode have space for EA? */
+	if (inode->i_extra_isize < sizeof(inode->i_extra_isize) ||
+	    EXT2_INODE_SIZE(handle->fs->super) <= EXT2_GOOD_OLD_INODE_SIZE +
 						  inode->i_extra_isize +
 						  sizeof(__u32))
 		goto write_ea_block;
@@ -773,8 +774,9 @@ errcode_t ext2fs_xattrs_read(struct ext2_xattr_handle *handle)
 
 	xattrs_free_keys(handle);
 
-	/* Does the inode have size for EA? */
-	if (EXT2_INODE_SIZE(handle->fs->super) <= EXT2_GOOD_OLD_INODE_SIZE +
+	/* Does the inode have space for EA? */
+	if (inode->i_extra_isize < sizeof(inode->i_extra_isize) ||
+	    EXT2_INODE_SIZE(handle->fs->super) <= EXT2_GOOD_OLD_INODE_SIZE +
 						  inode->i_extra_isize +
 						  sizeof(__u32))
 		goto read_ea_block;

tests/f_write_ea_toobig_extra_isize/expect.1

@@ -0,0 +1,12 @@
+Pass 1: Checking inodes, blocks, and sizes
+Pass 2: Checking directory structure
+Directory inode 12, block #0, offset 4: directory corrupted
+Salvage? yes
+
+Pass 3: Checking directory connectivity
+Pass 4: Checking reference counts
+Pass 5: Checking group summary information
+
+test_filesys: ***** FILE SYSTEM WAS MODIFIED *****
+test_filesys: 12/128 files (0.0% non-contiguous), 17/512 blocks
+Exit status is 1

tests/f_write_ea_toobig_extra_isize/expect.2

@@ -0,0 +1,7 @@
+Pass 1: Checking inodes, blocks, and sizes
+Pass 2: Checking directory structure
+Pass 3: Checking directory connectivity
+Pass 4: Checking reference counts
+Pass 5: Checking group summary information
+test_filesys: 12/128 files (0.0% non-contiguous), 17/512 blocks
+Exit status is 0

tests/f_write_ea_toobig_extra_isize/name

@@ -0,0 +1 @@
+write EA when i_extra_size is too big for EA

tests/f_write_ea_toosmall_extra_isize/expect.1

@@ -0,0 +1,15 @@
+Pass 1: Checking inodes, blocks, and sizes
+Inode 12 has a extra size (1) which is invalid
+Fix? yes
+
+Pass 2: Checking directory structure
+Directory inode 12, block #0, offset 4: directory corrupted
+Salvage? yes
+
+Pass 3: Checking directory connectivity
+Pass 4: Checking reference counts
+Pass 5: Checking group summary information
+
+test_filesys: ***** FILE SYSTEM WAS MODIFIED *****
+test_filesys: 12/128 files (0.0% non-contiguous), 17/512 blocks
+Exit status is 1

tests/f_write_ea_toosmall_extra_isize/expect.2

@@ -0,0 +1,7 @@
+Pass 1: Checking inodes, blocks, and sizes
+Pass 2: Checking directory structure
+Pass 3: Checking directory connectivity
+Pass 4: Checking reference counts
+Pass 5: Checking group summary information
+test_filesys: 12/128 files (0.0% non-contiguous), 17/512 blocks
+Exit status is 0

tests/f_write_ea_toosmall_extra_isize/name

@@ -0,0 +1 @@
+write EA when i_extra_size is too small to make sense