diff options
author | Sheng Yong <shengyong1@huawei.com> | 2019-01-07 15:02:34 +0800 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2020-08-21 10:52:53 +0200 |
commit | 559eff3dca325947bc3d88d17f4c454111884be5 (patch) | |
tree | bd341f176f22071e927bc975657bcdb10e426469 /fs/f2fs | |
parent | 11a6e8f89521d8ba212205b7c446f5ca65a946ee (diff) |
f2fs: check if file namelen exceeds max value
[ Upstream commit 720db068634c91553a8e1d9a0fcd8c7050e06d2b ]
Dentry bitmap is not enough to detect incorrect dentries. So this patch
also checks the namelen value of a dentry.
Signed-off-by: Gong Chen <gongchen4@huawei.com>
Signed-off-by: Sheng Yong <shengyong1@huawei.com>
Reviewed-by: Chao Yu <yuchao0@huawei.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Diffstat (limited to 'fs/f2fs')
-rw-r--r-- | fs/f2fs/dir.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/fs/f2fs/dir.c b/fs/f2fs/dir.c index 5411d6667781..e2ff0eb16f89 100644 --- a/fs/f2fs/dir.c +++ b/fs/f2fs/dir.c @@ -807,7 +807,8 @@ bool f2fs_fill_dentries(struct dir_context *ctx, struct f2fs_dentry_ptr *d, /* check memory boundary before moving forward */ bit_pos += GET_DENTRY_SLOTS(le16_to_cpu(de->name_len)); - if (unlikely(bit_pos > d->max)) { + if (unlikely(bit_pos > d->max || + le16_to_cpu(de->name_len) > F2FS_NAME_LEN)) { f2fs_msg(F2FS_I_SB(d->inode)->sb, KERN_WARNING, "%s: corrupted namelen=%d, run fsck to fix.", __func__, le16_to_cpu(de->name_len)); |