summaryrefslogtreecommitdiff
path: root/fs
diff options
context:
space:
mode:
authorAl Viro <viro@zeniv.linux.org.uk>2013-05-17 15:17:59 -0400
committerAl Viro <viro@zeniv.linux.org.uk>2013-06-29 12:56:38 +0400
commit663f4deca76cc99ac7bf800a925fc5e5eb70dbb3 (patch)
treef381b4bc475b2bca9ee8d995484e32de0165f38c /fs
parent9fd4d05949d58786d4453191b2b203b8a691c476 (diff)
downloadlwn-663f4deca76cc99ac7bf800a925fc5e5eb70dbb3.tar.gz
lwn-663f4deca76cc99ac7bf800a925fc5e5eb70dbb3.zip
[readdir] convert qnx4
... and use strnlen() instead of strlen() - it's done on untrusted data, after all. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'fs')
-rw-r--r--fs/qnx4/dir.c66
1 files changed, 31 insertions, 35 deletions
diff --git a/fs/qnx4/dir.c b/fs/qnx4/dir.c
index 28ce014b3cef..b218f965817b 100644
--- a/fs/qnx4/dir.c
+++ b/fs/qnx4/dir.c
@@ -14,9 +14,9 @@
#include <linux/buffer_head.h>
#include "qnx4.h"
-static int qnx4_readdir(struct file *filp, void *dirent, filldir_t filldir)
+static int qnx4_readdir(struct file *file, struct dir_context *ctx)
{
- struct inode *inode = file_inode(filp);
+ struct inode *inode = file_inode(file);
unsigned int offset;
struct buffer_head *bh;
struct qnx4_inode_entry *de;
@@ -26,48 +26,44 @@ static int qnx4_readdir(struct file *filp, void *dirent, filldir_t filldir)
int size;
QNX4DEBUG((KERN_INFO "qnx4_readdir:i_size = %ld\n", (long) inode->i_size));
- QNX4DEBUG((KERN_INFO "filp->f_pos = %ld\n", (long) filp->f_pos));
+ QNX4DEBUG((KERN_INFO "pos = %ld\n", (long) ctx->pos));
- while (filp->f_pos < inode->i_size) {
- blknum = qnx4_block_map( inode, filp->f_pos >> QNX4_BLOCK_SIZE_BITS );
+ while (ctx->pos < inode->i_size) {
+ blknum = qnx4_block_map(inode, ctx->pos >> QNX4_BLOCK_SIZE_BITS);
bh = sb_bread(inode->i_sb, blknum);
- if(bh==NULL) {
+ if (bh == NULL) {
printk(KERN_ERR "qnx4_readdir: bread failed (%ld)\n", blknum);
- break;
+ return 0;
}
- ix = (int)(filp->f_pos >> QNX4_DIR_ENTRY_SIZE_BITS) % QNX4_INODES_PER_BLOCK;
- while (ix < QNX4_INODES_PER_BLOCK) {
+ ix = (ctx->pos >> QNX4_DIR_ENTRY_SIZE_BITS) % QNX4_INODES_PER_BLOCK;
+ for (; ix < QNX4_INODES_PER_BLOCK; ix++, ctx->pos += QNX4_DIR_ENTRY_SIZE) {
offset = ix * QNX4_DIR_ENTRY_SIZE;
de = (struct qnx4_inode_entry *) (bh->b_data + offset);
- size = strlen(de->di_fname);
- if (size) {
- if ( !( de->di_status & QNX4_FILE_LINK ) && size > QNX4_SHORT_NAME_MAX )
- size = QNX4_SHORT_NAME_MAX;
- else if ( size > QNX4_NAME_MAX )
- size = QNX4_NAME_MAX;
-
- if ( ( de->di_status & (QNX4_FILE_USED|QNX4_FILE_LINK) ) != 0 ) {
- QNX4DEBUG((KERN_INFO "qnx4_readdir:%.*s\n", size, de->di_fname));
- if ( ( de->di_status & QNX4_FILE_LINK ) == 0 )
- ino = blknum * QNX4_INODES_PER_BLOCK + ix - 1;
- else {
- le = (struct qnx4_link_info*)de;
- ino = ( le32_to_cpu(le->dl_inode_blk) - 1 ) *
- QNX4_INODES_PER_BLOCK +
- le->dl_inode_ndx;
- }
- if (filldir(dirent, de->di_fname, size, filp->f_pos, ino, DT_UNKNOWN) < 0) {
- brelse(bh);
- goto out;
- }
- }
+ if (!de->di_fname[0])
+ continue;
+ if (!(de->di_status & (QNX4_FILE_USED|QNX4_FILE_LINK)))
+ continue;
+ if (!(de->di_status & QNX4_FILE_LINK))
+ size = QNX4_SHORT_NAME_MAX;
+ else
+ size = QNX4_NAME_MAX;
+ size = strnlen(de->di_fname, size);
+ QNX4DEBUG((KERN_INFO "qnx4_readdir:%.*s\n", size, de->di_fname));
+ if (!(de->di_status & QNX4_FILE_LINK))
+ ino = blknum * QNX4_INODES_PER_BLOCK + ix - 1;
+ else {
+ le = (struct qnx4_link_info*)de;
+ ino = ( le32_to_cpu(le->dl_inode_blk) - 1 ) *
+ QNX4_INODES_PER_BLOCK +
+ le->dl_inode_ndx;
+ }
+ if (!dir_emit(ctx, de->di_fname, size, ino, DT_UNKNOWN)) {
+ brelse(bh);
+ return 0;
}
- ix++;
- filp->f_pos += QNX4_DIR_ENTRY_SIZE;
}
brelse(bh);
}
-out:
return 0;
}
@@ -75,7 +71,7 @@ const struct file_operations qnx4_dir_operations =
{
.llseek = generic_file_llseek,
.read = generic_read_dir,
- .readdir = qnx4_readdir,
+ .iterate = qnx4_readdir,
.fsync = generic_file_fsync,
};