ufs: validate maximum fast symlink size from superblock
authorDuane Griffin <duaneg@dghda.com>
Thu, 8 Jan 2009 22:43:48 +0000 (22:43 +0000)
committerAl Viro <viro@zeniv.linux.org.uk>
Fri, 27 Mar 2009 18:43:57 +0000 (14:43 -0400)
The maximum fast symlink size is set in the superblock of certain types
of UFS filesystem. Before using it we need to check that it isn't longer
than the available space we have in the inode.

Signed-off-by: Duane Griffin <duaneg@dghda.com>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
fs/ufs/super.c

index 261a1c2f22dd0bc0c0eac67937e13c85f695006b..e1c1fc5ee2395cca67ad36e10f0577fdef0f0651 100644 (file)
@@ -636,6 +636,7 @@ static int ufs_fill_super(struct super_block *sb, void *data, int silent)
        unsigned block_size, super_block_size;
        unsigned flags;
        unsigned super_block_offset;
+       unsigned maxsymlen;
        int ret = -EINVAL;
 
        uspi = NULL;
@@ -1069,6 +1070,16 @@ magic_found:
                uspi->s_maxsymlinklen =
                    fs32_to_cpu(sb, usb3->fs_un2.fs_44.fs_maxsymlinklen);
 
+       if (uspi->fs_magic == UFS2_MAGIC)
+               maxsymlen = 2 * 4 * (UFS_NDADDR + UFS_NINDIR);
+       else
+               maxsymlen = 4 * (UFS_NDADDR + UFS_NINDIR);
+       if (uspi->s_maxsymlinklen > maxsymlen) {
+               ufs_warning(sb, __func__, "ufs_read_super: excessive maximum "
+                           "fast symlink size (%u)\n", uspi->s_maxsymlinklen);
+               uspi->s_maxsymlinklen = maxsymlen;
+       }
+
        inode = ufs_iget(sb, UFS_ROOTINO);
        if (IS_ERR(inode)) {
                ret = PTR_ERR(inode);