diff options
| author |   Chao Yu <chao@kernel.org> | 2016-04-27 22:22:20 +0800 |
|---|---|---|
| committer |   Jaegeuk Kim <jaegeuk@kernel.org> | 2016-04-27 14:10:42 -0700 |
| commit | a4a13f582c6d36b78b1c0459ee0b28f17bb2fb06 (patch) | |
| tree | bc9ff6a64e27b8a937bd2127a171ab41ff42c8e7 /fs/f2fs/dir.c | |
| parent | MAINTAINERS: update my email address (diff) | |
| download | linux-dev-a4a13f582c6d36b78b1c0459ee0b28f17bb2fb06.tar.xz linux-dev-a4a13f582c6d36b78b1c0459ee0b28f17bb2fb06.zip | |
f2fs: be aware of invalid filename length
The filename length in dirent of may become zero-sized after random junk
data injection, once encounter such dirent, find_target_dentry or
f2fs_add_inline_entries will run into an infinite loop. So let f2fs being
aware of that to avoid deadloop.
Signed-off-by: Chao Yu <yuchao0@huawei.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Diffstat (limited to 'fs/f2fs/dir.c')
| -rw-r--r-- | fs/f2fs/dir.c | 14 |
1 files changed, 5 insertions, 9 deletions
diff --git a/fs/f2fs/dir.c b/fs/f2fs/dir.c index e90380d82214..3b1c14e4eeea 100644 --- a/fs/f2fs/dir.c +++ b/fs/f2fs/dir.c @@ -101,11 +101,6 @@ static struct f2fs_dir_entry *find_in_block(struct page *dentry_page, else kunmap(dentry_page); - /* - * For the most part, it should be a bug when name_len is zero. - * We stop here for figuring out where the bugs has occurred. - */ - f2fs_bug_on(F2FS_P_SB(dentry_page), d.max < 0); return de; } @@ -130,6 +125,11 @@ struct f2fs_dir_entry *find_target_dentry(struct fscrypt_name *fname, de = &d->dentry[bit_pos]; + if (unlikely(!de->name_len)) { + bit_pos++; + continue; + } + /* encrypted case */ de_name.name = d->filename[bit_pos]; de_name.len = le16_to_cpu(de->name_len); @@ -147,10 +147,6 @@ struct f2fs_dir_entry *find_target_dentry(struct fscrypt_name *fname, *max_slots = max_len; max_len = 0; - /* remain bug on condition */ - if (unlikely(!de->name_len)) - d->max = -1; - bit_pos += GET_DENTRY_SLOTS(le16_to_cpu(de->name_len)); } |