authorDavid Woodhouse <dwmw2@infradead.org>2007-10-13 06:33:50 -0400
committerDavid Woodhouse <dwmw2@infradead.org>2007-10-13 06:33:50 -0400
commit69ca4378aa376cf2c49657d4f6951da56c27cd3a (patch)
treee1d8c8eb423f8a88be02f949ef88539c1f1bd8eb
parenta8c68f32644fc8942b25af9239967dd01be621fa (diff)
[JFFS2] Check for creation of dirents with embedded zero bytes in name.
I have no idea how this happened, but OLPC trac #4184 suggests that it did. Catch it early. Signed-off-by: David Woodhouse <dwmw2@infradead.org>
-rw-r--r--fs/jffs2/write.c13
1 files changed, 12 insertions, 1 deletions
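diff --git a/fs/jffs2/write.c b/fs/jffs2/write.c
index 664c164aa67c..2f5695446d0f 100644
--- a/fs/jffs2/write.c
+++ b/fs/jffs2/write.c
@@ -215,6 +215,17 @@ struct jffs2_full_dirent *jffs2_write_dirent(struct jffs2_sb_info *c, struct jff
 BUG();
 });
 
+if (strnlen(name, namelen) != namelen) {
+/* This should never happen, but seems to have done on at least one
+occasion: https://dev.laptop.org/ticket/4184 */
+printk(KERN_CRIT "Error in jffs2_write_dirent() -- name contains zero bytes!\n");
+printk(KERN_CRIT "Directory inode #%u, name at *0x%p \"%s\"->ino #%u, name_crc 0x%08x\n",
+je32_to_cpu(rd->pino), name, name, je32_to_cpu(rd->ino),
+je32_to_cpu(rd->name_crc));
+WARN_ON(1);
+return ERR_PTR(-EIO);
+}
+
 vecs[0].iov_base = rd;
 vecs[0].iov_len = sizeof(*rd);
 vecs[1].iov_base = (unsigned char *)name;
@@ -226,7 +237,7 @@ struct jffs2_full_dirent *jffs2_write_dirent(struct jffs2_sb_info *c, struct jff
 
 fd->version = je32_to_cpu(rd->version);
 fd->ino = je32_to_cpu(rd->ino);
-fd->nhash = full_name_hash(name, strlen(name));
+fd->nhash = full_name_hash(name, namelen);
 fd->type = rd->type;
 memcpy(fd->name, name, namelen);
 fd->name[namelen]=0;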
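Review bot: The diagnostic in the new `strnlen()` branch prints `name` with `%s`, which stops at the first zero byte, so the log shows only the prefix and neither `namelen` nor the bytes after the embedded NUL that would explain the corruption; consider logging `namelen` and the offset returned by `strnlen(name, namelen)` alongside it. The same line writes the raw kernel address of `name` to the log via `*0x%p`, which adds little diagnostic value and exposes a kernel pointer to anyone who can read the kernel log; I would drop it. The two `printk(KERN_CRIT ...)` calls plus `WARN_ON(1)` fire on every hit with no rate limit, so if this path can be reached repeatedly the log may be flooded; `WARN_ON_ONCE(1)` or a `printk_ratelimit()` guard would bound that. The function body begins and ends outside the hunk, so whether every caller handles the new `ERR_PTR(-EIO)` return is not visible here.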