aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--fs/sysv/super.c6
-rw-r--r--include/linux/sysv_fs.h11
2 files changed, 15 insertions, 2 deletions
diff --git a/fs/sysv/super.c b/fs/sysv/super.c
index 2da3075aff78..5c0aab0b7e18 100644
--- a/fs/sysv/super.c
+++ b/fs/sysv/super.c
@@ -469,7 +469,7 @@ static int v7_fill_super(struct super_block *sb, void *data, int silent)
469 v7sb = (struct v7_super_block *) bh->b_data; 469 v7sb = (struct v7_super_block *) bh->b_data;
470 if (fs16_to_cpu(sbi, v7sb->s_nfree) > V7_NICFREE || 470 if (fs16_to_cpu(sbi, v7sb->s_nfree) > V7_NICFREE ||
471 fs16_to_cpu(sbi, v7sb->s_ninode) > V7_NICINOD || 471 fs16_to_cpu(sbi, v7sb->s_ninode) > V7_NICINOD ||
472 fs32_to_cpu(sbi, v7sb->s_time) == 0) 472 fs32_to_cpu(sbi, v7sb->s_fsize) > V7_MAXSIZE)
473 goto failed; 473 goto failed;
474 474
475 /* plausibility check on root inode: it is a directory, 475 /* plausibility check on root inode: it is a directory,
@@ -479,7 +479,9 @@ static int v7_fill_super(struct super_block *sb, void *data, int silent)
479 v7i = (struct sysv_inode *)(bh2->b_data + 64); 479 v7i = (struct sysv_inode *)(bh2->b_data + 64);
480 if ((fs16_to_cpu(sbi, v7i->i_mode) & ~0777) != S_IFDIR || 480 if ((fs16_to_cpu(sbi, v7i->i_mode) & ~0777) != S_IFDIR ||
481 (fs32_to_cpu(sbi, v7i->i_size) == 0) || 481 (fs32_to_cpu(sbi, v7i->i_size) == 0) ||
482 (fs32_to_cpu(sbi, v7i->i_size) & 017) != 0) 482 (fs32_to_cpu(sbi, v7i->i_size) & 017) ||
483 (fs32_to_cpu(sbi, v7i->i_size) > V7_NFILES *
484 sizeof (struct sysv_dir_entry)))
483 goto failed; 485 goto failed;
484 brelse(bh2); 486 brelse(bh2);
485 bh2 = NULL; 487 bh2 = NULL;
diff --git a/include/linux/sysv_fs.h b/include/linux/sysv_fs.h
index 96411306eec6..e47d6d90023d 100644
--- a/include/linux/sysv_fs.h
+++ b/include/linux/sysv_fs.h
@@ -148,6 +148,17 @@ struct v7_super_block {
148 char s_fname[6]; /* file system name */ 148 char s_fname[6]; /* file system name */
149 char s_fpack[6]; /* file system pack name */ 149 char s_fpack[6]; /* file system pack name */
150}; 150};
151/* Constants to aid sanity checking */
152/* This is not a hard limit, nor enforced by v7 kernel. It's actually just
153 * the limit used by Seventh Edition's ls, though is high enough to assume
154 * that no reasonable file system would have that much entries in root
155 * directory. Thus, if we see anything higher, we just probably got the
156 * endiannes wrong. */
157#define V7_NFILES 1024
158/* The disk addresses are three-byte (despite direct block addresses being
159 * aligned word-wise in inode). If the most significant byte is non-zero,
160 * something is most likely wrong (not a filesystem, bad bytesex). */
161#define V7_MAXSIZE 0x00ffffff
151 162
152/* Coherent super-block data on disk */ 163/* Coherent super-block data on disk */
153#define COH_NICINOD 100 /* number of inode cache entries */ 164#define COH_NICINOD 100 /* number of inode cache entries */