aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDuane Griffin <duaneg@dghda.com>2009-01-08 22:43:48 +0000
committerAl Viro <viro@zeniv.linux.org.uk>2009-03-27 14:43:57 -0400
commit9e6766cc8c125cf406960a5bfdf1455473f4835c (patch)
tree9e7267e52640e7e2e2fdddedb76a3273c861e63d
parentc8fe8f30c7fe6ce6fc44a1db7d5bfa5144cd9211 (diff)
downloadkernel_samsung_crespo-9e6766cc8c125cf406960a5bfdf1455473f4835c.zip
kernel_samsung_crespo-9e6766cc8c125cf406960a5bfdf1455473f4835c.tar.gz
kernel_samsung_crespo-9e6766cc8c125cf406960a5bfdf1455473f4835c.tar.bz2
ufs: validate maximum fast symlink size from superblock
The maximum fast symlink size is set in the superblock of certain types of UFS filesystem. Before using it we need to check that it isn't longer than the available space we have in the inode. Signed-off-by: Duane Griffin <duaneg@dghda.com> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
-rw-r--r--fs/ufs/super.c11
1 files changed, 11 insertions, 0 deletions
diff --git a/fs/ufs/super.c b/fs/ufs/super.c
index 261a1c2..e1c1fc5 100644
--- a/fs/ufs/super.c
+++ b/fs/ufs/super.c
@@ -636,6 +636,7 @@ static int ufs_fill_super(struct super_block *sb, void *data, int silent)
unsigned block_size, super_block_size;
unsigned flags;
unsigned super_block_offset;
+ unsigned maxsymlen;
int ret = -EINVAL;
uspi = NULL;
@@ -1069,6 +1070,16 @@ magic_found:
uspi->s_maxsymlinklen =
fs32_to_cpu(sb, usb3->fs_un2.fs_44.fs_maxsymlinklen);
+ if (uspi->fs_magic == UFS2_MAGIC)
+ maxsymlen = 2 * 4 * (UFS_NDADDR + UFS_NINDIR);
+ else
+ maxsymlen = 4 * (UFS_NDADDR + UFS_NINDIR);
+ if (uspi->s_maxsymlinklen > maxsymlen) {
+ ufs_warning(sb, __func__, "ufs_read_super: excessive maximum "
+ "fast symlink size (%u)\n", uspi->s_maxsymlinklen);
+ uspi->s_maxsymlinklen = maxsymlen;
+ }
+
inode = ufs_iget(sb, UFS_ROOTINO);
if (IS_ERR(inode)) {
ret = PTR_ERR(inode);