diff options
-rw-r--r-- | fs/sysv/super.c | 6 | ||||
-rw-r--r-- | include/linux/sysv_fs.h | 11 |
2 files changed, 15 insertions, 2 deletions
diff --git a/fs/sysv/super.c b/fs/sysv/super.c index 2da3075aff78..5c0aab0b7e18 100644 --- a/fs/sysv/super.c +++ b/fs/sysv/super.c | |||
@@ -469,7 +469,7 @@ static int v7_fill_super(struct super_block *sb, void *data, int silent) | |||
469 | v7sb = (struct v7_super_block *) bh->b_data; | 469 | v7sb = (struct v7_super_block *) bh->b_data; |
470 | if (fs16_to_cpu(sbi, v7sb->s_nfree) > V7_NICFREE || | 470 | if (fs16_to_cpu(sbi, v7sb->s_nfree) > V7_NICFREE || |
471 | fs16_to_cpu(sbi, v7sb->s_ninode) > V7_NICINOD || | 471 | fs16_to_cpu(sbi, v7sb->s_ninode) > V7_NICINOD || |
472 | fs32_to_cpu(sbi, v7sb->s_time) == 0) | 472 | fs32_to_cpu(sbi, v7sb->s_fsize) > V7_MAXSIZE) |
473 | goto failed; | 473 | goto failed; |
474 | 474 | ||
475 | /* plausibility check on root inode: it is a directory, | 475 | /* plausibility check on root inode: it is a directory, |
@@ -479,7 +479,9 @@ static int v7_fill_super(struct super_block *sb, void *data, int silent) | |||
479 | v7i = (struct sysv_inode *)(bh2->b_data + 64); | 479 | v7i = (struct sysv_inode *)(bh2->b_data + 64); |
480 | if ((fs16_to_cpu(sbi, v7i->i_mode) & ~0777) != S_IFDIR || | 480 | if ((fs16_to_cpu(sbi, v7i->i_mode) & ~0777) != S_IFDIR || |
481 | (fs32_to_cpu(sbi, v7i->i_size) == 0) || | 481 | (fs32_to_cpu(sbi, v7i->i_size) == 0) || |
482 | (fs32_to_cpu(sbi, v7i->i_size) & 017) != 0) | 482 | (fs32_to_cpu(sbi, v7i->i_size) & 017) || |
483 | (fs32_to_cpu(sbi, v7i->i_size) > V7_NFILES * | ||
484 | sizeof (struct sysv_dir_entry))) | ||
483 | goto failed; | 485 | goto failed; |
484 | brelse(bh2); | 486 | brelse(bh2); |
485 | bh2 = NULL; | 487 | bh2 = NULL; |
diff --git a/include/linux/sysv_fs.h b/include/linux/sysv_fs.h index 96411306eec6..e47d6d90023d 100644 --- a/include/linux/sysv_fs.h +++ b/include/linux/sysv_fs.h | |||
@@ -148,6 +148,17 @@ struct v7_super_block { | |||
148 | char s_fname[6]; /* file system name */ | 148 | char s_fname[6]; /* file system name */ |
149 | char s_fpack[6]; /* file system pack name */ | 149 | char s_fpack[6]; /* file system pack name */ |
150 | }; | 150 | }; |
151 | /* Constants to aid sanity checking */ | ||
152 | /* This is not a hard limit, nor enforced by v7 kernel. It's actually just | ||
153 | * the limit used by Seventh Edition's ls, though is high enough to assume | ||
154 | * that no reasonable file system would have that much entries in root | ||
155 | * directory. Thus, if we see anything higher, we just probably got the | ||
156 | * endiannes wrong. */ | ||
157 | #define V7_NFILES 1024 | ||
158 | /* The disk addresses are three-byte (despite direct block addresses being | ||
159 | * aligned word-wise in inode). If the most significant byte is non-zero, | ||
160 | * something is most likely wrong (not a filesystem, bad bytesex). */ | ||
161 | #define V7_MAXSIZE 0x00ffffff | ||
151 | 162 | ||
152 | /* Coherent super-block data on disk */ | 163 | /* Coherent super-block data on disk */ |
153 | #define COH_NICINOD 100 /* number of inode cache entries */ | 164 | #define COH_NICINOD 100 /* number of inode cache entries */ |