diff options
author | Hin-Tak Leung <htl10@users.sourceforge.net> | 2014-06-06 17:36:22 -0400 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2014-06-06 19:08:09 -0400 |
commit | bf29e886b242cebf6a96ca0e43873abc777e0b50 (patch) | |
tree | 4366287ee3b5304e76a4a202c3c4c1622f726c89 /fs/hfsplus/xattr_trusted.c | |
parent | 017f8da43e92ddd9989884720b694a512e09ccce (diff) |
hfsplus: correct usage of HFSPLUS_ATTR_MAX_STRLEN for non-English attributes
HFSPLUS_ATTR_MAX_STRLEN (=127) is the limit of attribute names for the
number of unicode character (UTF-16BE) storable in the HFS+ file system.
Almost all the current usage of it is wrong, in relation to NLS to
on-disk conversion.
Except for one use calling hfsplus_asc2uni (which should stay the same)
and its uses in calling hfsplus_uni2asc (which was corrected in the
earlier patch in this series concerning usage of hfsplus_uni2asc), all
the other uses are of the forms:
- char buffer[size]
- bound check: "if (namespace_adjusted_input_length > size) return failure;"
Conversion between on-disk unicode representation and NLS char strings
(in whichever direction) always needs to accommodate the worst-case NLS
conversion, so all char buffers of that size need to have a
NLS_MAX_CHARSET_SIZE x .
The bound checks are all wrong, since they compare nls_length derived
from strlen() to a unicode length limit.
It turns out that all the bound-checks do is to protect
hfsplus_asc2uni(), which can fail if the input is too large.
There is only one usage of it as far as attributes are concerned, in
hfsplus_attr_build_key(). It is in turn used by hfsplus_find_attr(),
hfsplus_create_attr(), hfsplus_delete_attr(). Thus making sure that
errors from hfsplus_asc2uni() is caught in hfsplus_attr_build_key() and
propagated is sufficient to replace all the bound checks.
Unpropagated errors from hfsplus_asc2uni() in the file catalog code was
addressed recently in an independent patch "hfsplus: fix longname
handling" by Sougata Santra.
Before this patch, trying to set a 55 CJK character (in a UTF-8 locale,
> 127/3=42) attribute plus user prefix fails with:
$ setfattr -n user.`cat testing-string` -v `cat testing-string` \
testing-string
setfattr: testing-string: Operation not supported
and retrieving a stored long attributes is particular ugly(!):
find /mnt/* -type f -exec getfattr -d {} \;
getfattr: /mnt/testing-string: Input/output error
with console log:
[268008.389781] hfsplus: unicode conversion failed
After the patch, both of the above works.
FYI, the test attribute string is prepared with:
echo -e -n \
"\xe9\x80\x99\xe6\x98\xaf\xe4\xb8\x80\xe5\x80\x8b\xe9\x9d\x9e\xe5" \
"\xb8\xb8\xe6\xbc\xab\xe9\x95\xb7\xe8\x80\x8c\xe6\xa5\xb5\xe5\x85" \
"\xb6\xe4\xb9\x8f\xe5\x91\xb3\xe5\x92\x8c\xe7\x9b\xb8\xe7\x95\xb6" \
"\xe7\x84\xa1\xe8\xb6\xa3\xe3\x80\x81\xe4\xbb\xa5\xe5\x8f\x8a\xe7" \
"\x84\xa1\xe7\x94\xa8\xe7\x9a\x84\xe3\x80\x81\xe5\x86\x8d\xe5\x8a" \
"\xa0\xe4\xb8\x8a\xe6\xaf\xab\xe7\x84\xa1\xe6\x84\x8f\xe7\xbe\xa9" \
"\xe7\x9a\x84\xe6\x93\xb4\xe5\xb1\x95\xe5\xb1\xac\xe6\x80\xa7\xef" \
"\xbc\x8c\xe8\x80\x8c\xe5\x85\xb6\xe5\x94\xaf\xe4\xb8\x80\xe5\x89" \
"\xb5\xe5\xbb\xba\xe7\x9b\xae\xe7\x9a\x84\xe5\x83\x85\xe6\x98\xaf" \
"\xe7\x82\xba\xe4\xba\x86\xe6\xb8\xac\xe8\xa9\xa6\xe4\xbd\x9c\xe7" \
"\x94\xa8\xe3\x80\x82" | tr -d ' '
(= "pointlessly long attribute for testing", elaborate Chinese in
UTF-8 enoding).
However, it is not possible to set double the size (110 + 5 is still
under 127) in a UTF-8 locale:
$setfattr -n user.`cat testing-string testing-string` -v \
`cat testing-string testing-string` testing-string
setfattr: testing-string: Numerical result out of range
110 CJK char in UTF-8 is 330 bytes - the generic get/set attribute
system call code in linux/fs/xattr.c imposes a 255 byte limit. One can
use a combination of iconv to encode content, changing terminal locale
for viewing, and an nls=cp932/cp936/cp949/cp950 mount option to fully
use 127-unicode attribute in a double-byte locale.
Also, as an additional information, it is possible to (mis-)use unicode
half-width/full-width forms (U+FFxx) to write attributes which looks
like english but not actually ascii.
Thanks Anton Altaparmakov for reviewing the earlier ideas behind this
change.
[akpm@linux-foundation.org: fix build]
[akpm@linux-foundation.org: fix build]
Signed-off-by: Hin-Tak Leung <htl10@users.sourceforge.net>
Cc: Anton Altaparmakov <anton@tuxera.com>
Cc: Vyacheslav Dubeyko <slava@dubeyko.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Christoph Hellwig <hch@infradead.org>
Cc: Sougata Santra <sougata@tuxera.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'fs/hfsplus/xattr_trusted.c')
-rw-r--r-- | fs/hfsplus/xattr_trusted.c | 32 |
1 files changed, 20 insertions, 12 deletions
diff --git a/fs/hfsplus/xattr_trusted.c b/fs/hfsplus/xattr_trusted.c index 426cee277542..3c5f27e4746a 100644 --- a/fs/hfsplus/xattr_trusted.c +++ b/fs/hfsplus/xattr_trusted.c | |||
@@ -6,43 +6,51 @@ | |||
6 | * Handler for trusted extended attributes. | 6 | * Handler for trusted extended attributes. |
7 | */ | 7 | */ |
8 | 8 | ||
9 | #include <linux/nls.h> | ||
10 | |||
9 | #include "hfsplus_fs.h" | 11 | #include "hfsplus_fs.h" |
10 | #include "xattr.h" | 12 | #include "xattr.h" |
11 | 13 | ||
12 | static int hfsplus_trusted_getxattr(struct dentry *dentry, const char *name, | 14 | static int hfsplus_trusted_getxattr(struct dentry *dentry, const char *name, |
13 | void *buffer, size_t size, int type) | 15 | void *buffer, size_t size, int type) |
14 | { | 16 | { |
15 | char xattr_name[HFSPLUS_ATTR_MAX_STRLEN + 1] = {0}; | 17 | char *xattr_name; |
16 | size_t len = strlen(name); | 18 | int res; |
17 | 19 | ||
18 | if (!strcmp(name, "")) | 20 | if (!strcmp(name, "")) |
19 | return -EINVAL; | 21 | return -EINVAL; |
20 | 22 | ||
21 | if (len + XATTR_TRUSTED_PREFIX_LEN > HFSPLUS_ATTR_MAX_STRLEN) | 23 | xattr_name = kmalloc(NLS_MAX_CHARSET_SIZE * HFSPLUS_ATTR_MAX_STRLEN + 1, |
22 | return -EOPNOTSUPP; | 24 | GFP_KERNEL); |
23 | 25 | if (!xattr_name) | |
26 | return -ENOMEM; | ||
24 | strcpy(xattr_name, XATTR_TRUSTED_PREFIX); | 27 | strcpy(xattr_name, XATTR_TRUSTED_PREFIX); |
25 | strcpy(xattr_name + XATTR_TRUSTED_PREFIX_LEN, name); | 28 | strcpy(xattr_name + XATTR_TRUSTED_PREFIX_LEN, name); |
26 | 29 | ||
27 | return hfsplus_getxattr(dentry, xattr_name, buffer, size); | 30 | res = hfsplus_getxattr(dentry, xattr_name, buffer, size); |
31 | kfree(xattr_name); | ||
32 | return res; | ||
28 | } | 33 | } |
29 | 34 | ||
30 | static int hfsplus_trusted_setxattr(struct dentry *dentry, const char *name, | 35 | static int hfsplus_trusted_setxattr(struct dentry *dentry, const char *name, |
31 | const void *buffer, size_t size, int flags, int type) | 36 | const void *buffer, size_t size, int flags, int type) |
32 | { | 37 | { |
33 | char xattr_name[HFSPLUS_ATTR_MAX_STRLEN + 1] = {0}; | 38 | char *xattr_name; |
34 | size_t len = strlen(name); | 39 | int res; |
35 | 40 | ||
36 | if (!strcmp(name, "")) | 41 | if (!strcmp(name, "")) |
37 | return -EINVAL; | 42 | return -EINVAL; |
38 | 43 | ||
39 | if (len + XATTR_TRUSTED_PREFIX_LEN > HFSPLUS_ATTR_MAX_STRLEN) | 44 | xattr_name = kmalloc(NLS_MAX_CHARSET_SIZE * HFSPLUS_ATTR_MAX_STRLEN + 1, |
40 | return -EOPNOTSUPP; | 45 | GFP_KERNEL); |
41 | 46 | if (!xattr_name) | |
47 | return -ENOMEM; | ||
42 | strcpy(xattr_name, XATTR_TRUSTED_PREFIX); | 48 | strcpy(xattr_name, XATTR_TRUSTED_PREFIX); |
43 | strcpy(xattr_name + XATTR_TRUSTED_PREFIX_LEN, name); | 49 | strcpy(xattr_name + XATTR_TRUSTED_PREFIX_LEN, name); |
44 | 50 | ||
45 | return hfsplus_setxattr(dentry, xattr_name, buffer, size, flags); | 51 | res = hfsplus_setxattr(dentry, xattr_name, buffer, size, flags); |
52 | kfree(xattr_name); | ||
53 | return res; | ||
46 | } | 54 | } |
47 | 55 | ||
48 | static size_t hfsplus_trusted_listxattr(struct dentry *dentry, char *list, | 56 | static size_t hfsplus_trusted_listxattr(struct dentry *dentry, char *list, |