From: Su Yue Date: Tue, 6 Jun 2017 09:57:04 +0000 (+0800) Subject: btrfs: Check name_len in btrfs_check_ref_name_override X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=3c1d41844896f59ac771daf146a5329525dc87c5;p=GitHub%2Fmoto-9609%2Fandroid_kernel_motorola_exynos9610.git btrfs: Check name_len in btrfs_check_ref_name_override In btrfs_log_inode, btrfs_search_forward gets the buffer and then btrfs_check_ref_name_override will read name from ref/extref for the first time. Call btrfs_is_name_len_valid before reading name. Signed-off-by: Su Yue Reviewed-by: David Sterba Signed-off-by: David Sterba --- diff --git a/fs/btrfs/tree-log.c b/fs/btrfs/tree-log.c index 06c7ceb07282..f20ef211a73d 100644 --- a/fs/btrfs/tree-log.c +++ b/fs/btrfs/tree-log.c @@ -4562,6 +4562,12 @@ static int btrfs_check_ref_name_override(struct extent_buffer *eb, this_len = sizeof(*extref) + this_name_len; } + ret = btrfs_is_name_len_valid(eb, slot, name_ptr, + this_name_len); + if (!ret) { + ret = -EIO; + goto out; + } if (this_name_len > name_len) { char *new_name;