Commit 4124927e authored Jan 07, 2019 by Sheng Yong Committed by Greg Kroah-Hartman Jan 17, 2020

f2fs: check if file namelen exceeds max value



commit 720db068634c91553a8e1d9a0fcd8c7050e06d2b upstream.

Dentry bitmap is not enough to detect incorrect dentries. So this patch
also checks the namelen value of a dentry.

Signed-off-by: Gong Chen <gongchen4@huawei.com>
Signed-off-by: Sheng Yong <shengyong1@huawei.com>
Reviewed-by: Chao Yu <yuchao0@huawei.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

parent 1137c1d4

fs/f2fs/dir.c

+2 −1

Original line number	Diff line number	Diff line
		@@ -808,7 +808,8 @@ int f2fs_fill_dentries(struct dir_context ctx, struct f2fs_dentry_ptr d,

		/* check memory boundary before moving forward */
		bit_pos += GET_DENTRY_SLOTS(le16_to_cpu(de->name_len));
		if (unlikely(bit_pos > d->max)) {
		if (unlikely(bit_pos > d->max \|\|
		le16_to_cpu(de->name_len) > F2FS_NAME_LEN)) {
		f2fs_msg(sbi->sb, KERN_WARNING,
		"%s: corrupted namelen=%d, run fsck to fix.",
		__func__, le16_to_cpu(de->name_len));