udf: Check path length when reading symlink

Symlink reading code does not check whether the resulting path fits into the page provided by the generic code. This isn't as easy as just checking the symlink size because of various encoding conversions we perform on path. So we have to check whether there is still enough space in the buffer on the fly. CC: stable@vger.kernel.org Reported-by: Carl Henrik Lunde <chlunde@ping.uio.no> Signed-off-by: Jan Kara <jack@suse.cz>
author: Jan Kara <jack@suse.cz> 2014-12-18 16:37:50 -0500
committer: Jan Kara <jack@suse.cz> 2014-12-19 08:12:08 -0500
commit: 0e5cc9a40ada6046e6bc3bdfcd0c0d7e4b706b14 (patch)
tree: 6a9a8bef5942cb6b18ae977fd1be24c59cebe71c /fs/udf/unicode.c
parent: a1d47b262952a45aae62bd49cfaf33dd76c11a2c (diff)
1 files changed, 16 insertions, 12 deletions
diff --git a/fs/udf/unicode.c b/fs/udf/unicode.c
index afd470e588ff..b84fee372734 100644
--- a/fs/udf/unicode.c
+++ b/fs/udf/unicode.c
@@ -28,7 +28,8 @@
 #include "udf_sb.h"
-static int udf_translate_to_linux(uint8_t *, uint8_t *, int, uint8_t *, int);
+static int udf_translate_to_linux(uint8_t *, int, uint8_t *, int, uint8_t *,
+                                  int);
 static int udf_char_to_ustr(struct ustr *dest, const uint8_t *src, int strlen)
 {
@@ -333,8 +334,8 @@ try_again:
        return u_len + 1;
 }
-int udf_get_filename(struct super_block *sb, uint8_t *sname, uint8_t *dname,
+int udf_get_filename(struct super_block *sb, uint8_t *sname, int slen,
-                     int flen)
+                     uint8_t *dname, int dlen)
 {
        struct ustr *filename, *unifilename;
        int len = 0;
@@ -347,7 +348,7 @@ int udf_get_filename(struct super_block *sb, uint8_t *sname, uint8_t *dname,
        if (!unifilename)
                goto out1;
-        if (udf_build_ustr_exact(unifilename, sname, flen))
+        if (udf_build_ustr_exact(unifilename, sname, slen))
                goto out2;
        if (UDF_QUERY_FLAG(sb, UDF_FLAG_UTF8)) {
@@ -366,7 +367,8 @@ int udf_get_filename(struct super_block *sb, uint8_t *sname, uint8_t *dname,
        } else
                goto out2;
-        len = udf_translate_to_linux(dname, filename->u_name, filename->u_len,
+        len = udf_translate_to_linux(dname, dlen,
+                                     filename->u_name, filename->u_len,
                                     unifilename->u_name, unifilename->u_len);
 out2:
        kfree(unifilename);
@@ -403,10 +405,12 @@ int udf_put_filename(struct super_block *sb, const uint8_t *sname,
 #define EXT_MARK                '.'
 #define CRC_MARK                '#'
 #define EXT_SIZE                5
+/* Number of chars we need to store generated CRC to make filename unique */
+#define CRC_LEN                 5
-static int udf_translate_to_linux(uint8_t *newName, uint8_t *udfName,
+static int udf_translate_to_linux(uint8_t *newName, int newLen,
-                                  int udfLen, uint8_t *fidName,
+                                  uint8_t *udfName, int udfLen,
-                                  int fidNameLen)
+                                  uint8_t *fidName, int fidNameLen)
 {
        int index, newIndex = 0, needsCRC = 0;
        int extIndex = 0, newExtIndex = 0, hasExt = 0;
@@ -439,7 +443,7 @@ static int udf_translate_to_linux(uint8_t *newName, uint8_t *udfName,
                                        newExtIndex = newIndex;
                                }
                        }
-                        if (newIndex < 256)
+                        if (newIndex < newLen)
                                newName[newIndex++] = curr;
                        else
                                needsCRC = 1;
@@ -467,13 +471,13 @@ static int udf_translate_to_linux(uint8_t *newName, uint8_t *udfName,
                                }
                                ext[localExtIndex++] = curr;
                        }
-                        maxFilenameLen = 250 - localExtIndex;
+                        maxFilenameLen = newLen - CRC_LEN - localExtIndex;
                        if (newIndex > maxFilenameLen)
                                newIndex = maxFilenameLen;
                        else
                                newIndex = newExtIndex;
-                } else if (newIndex > 250)
+                } else if (newIndex > newLen - CRC_LEN)
-                        newIndex = 250;
+                        newIndex = newLen - CRC_LEN;
                newName[newIndex++] = CRC_MARK;
                valueCRC = crc_itu_t(0, fidName, fidNameLen);
                newName[newIndex++] = hex_asc_upper_hi(valueCRC >> 8);
author	Jan Kara <jack@suse.cz>	2014-12-18 16:37:50 -0500
committer	Jan Kara <jack@suse.cz>	2014-12-19 08:12:08 -0500
commit	0e5cc9a40ada6046e6bc3bdfcd0c0d7e4b706b14 (patch)
tree	6a9a8bef5942cb6b18ae977fd1be24c59cebe71c /fs/udf/unicode.c
parent	a1d47b262952a45aae62bd49cfaf33dd76c11a2c (diff)