diff options
author | Darrick J. Wong <darrick.wong@oracle.com> | 2019-10-28 16:12:34 -0700 |
---|---|---|
committer | Darrick J. Wong <darrick.wong@oracle.com> | 2019-10-29 09:50:11 -0700 |
commit | 04df34ac6494b216a911c5571bf4ee299cd34164 (patch) | |
tree | 227ef80e8cbb54db878e78c7714ef30ece388572 /fs/xfs/xfs_dir2_readdir.c | |
parent | 16c6e92c7e9836ed08db5f9771e75845796bd87f (diff) | |
download | lwn-04df34ac6494b216a911c5571bf4ee299cd34164.tar.gz lwn-04df34ac6494b216a911c5571bf4ee299cd34164.zip |
xfs: namecheck directory entry names before listing them
Actually call namecheck on directory entry names before we hand them
over to userspace.
Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Brian Foster <bfoster@redhat.com>
Diffstat (limited to 'fs/xfs/xfs_dir2_readdir.c')
-rw-r--r-- | fs/xfs/xfs_dir2_readdir.c | 27 |
1 files changed, 22 insertions, 5 deletions
diff --git a/fs/xfs/xfs_dir2_readdir.c b/fs/xfs/xfs_dir2_readdir.c index 283df898dd9f..a0bec0931f3b 100644 --- a/fs/xfs/xfs_dir2_readdir.c +++ b/fs/xfs/xfs_dir2_readdir.c @@ -17,6 +17,7 @@ #include "xfs_trace.h" #include "xfs_bmap.h" #include "xfs_trans.h" +#include "xfs_error.h" /* * Directory file type support functions @@ -115,6 +116,11 @@ xfs_dir2_sf_getdents( ino = dp->d_ops->sf_get_ino(sfp, sfep); filetype = dp->d_ops->sf_get_ftype(sfep); ctx->pos = off & 0x7fffffff; + if (!xfs_dir2_namecheck(sfep->name, sfep->namelen)) { + XFS_ERROR_REPORT(__func__, XFS_ERRLEVEL_LOW, + dp->i_mount); + return -EFSCORRUPTED; + } if (!dir_emit(ctx, (char *)sfep->name, sfep->namelen, ino, xfs_dir3_get_dtype(dp->i_mount, filetype))) return 0; @@ -208,12 +214,16 @@ xfs_dir2_block_getdents( /* * If it didn't fit, set the final offset to here & return. */ + if (!xfs_dir2_namecheck(dep->name, dep->namelen)) { + XFS_ERROR_REPORT(__func__, XFS_ERRLEVEL_LOW, + dp->i_mount); + error = -EFSCORRUPTED; + goto out_rele; + } if (!dir_emit(ctx, (char *)dep->name, dep->namelen, be64_to_cpu(dep->inumber), - xfs_dir3_get_dtype(dp->i_mount, filetype))) { - xfs_trans_brelse(args->trans, bp); - return 0; - } + xfs_dir3_get_dtype(dp->i_mount, filetype))) + goto out_rele; } /* @@ -222,8 +232,9 @@ xfs_dir2_block_getdents( */ ctx->pos = xfs_dir2_db_off_to_dataptr(geo, geo->datablk + 1, 0) & 0x7fffffff; +out_rele: xfs_trans_brelse(args->trans, bp); - return 0; + return error; } /* @@ -456,6 +467,12 @@ xfs_dir2_leaf_getdents( filetype = dp->d_ops->data_get_ftype(dep); ctx->pos = xfs_dir2_byte_to_dataptr(curoff) & 0x7fffffff; + if (!xfs_dir2_namecheck(dep->name, dep->namelen)) { + XFS_ERROR_REPORT(__func__, XFS_ERRLEVEL_LOW, + dp->i_mount); + error = -EFSCORRUPTED; + break; + } if (!dir_emit(ctx, (char *)dep->name, dep->namelen, be64_to_cpu(dep->inumber), xfs_dir3_get_dtype(dp->i_mount, filetype))) |