aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--fs/hfsplus/bfind.c13
-rw-r--r--fs/hfsplus/brec.c15
-rw-r--r--fs/hfsplus/btree.c25
-rw-r--r--fs/hfsplus/hfsplus_raw.h3
4 files changed, 48 insertions, 8 deletions
diff --git a/fs/hfsplus/bfind.c b/fs/hfsplus/bfind.c
index 68c7983f0289..d182438c7ae4 100644
--- a/fs/hfsplus/bfind.c
+++ b/fs/hfsplus/bfind.c
@@ -52,6 +52,10 @@ int __hfs_brec_find(struct hfs_bnode *bnode, struct hfs_find_data *fd)
52 rec = (e + b) / 2; 52 rec = (e + b) / 2;
53 len = hfs_brec_lenoff(bnode, rec, &off); 53 len = hfs_brec_lenoff(bnode, rec, &off);
54 keylen = hfs_brec_keylen(bnode, rec); 54 keylen = hfs_brec_keylen(bnode, rec);
55 if (keylen == 0) {
56 res = -EINVAL;
57 goto fail;
58 }
55 hfs_bnode_read(bnode, fd->key, off, keylen); 59 hfs_bnode_read(bnode, fd->key, off, keylen);
56 cmpval = bnode->tree->keycmp(fd->key, fd->search_key); 60 cmpval = bnode->tree->keycmp(fd->key, fd->search_key);
57 if (!cmpval) { 61 if (!cmpval) {
@@ -67,6 +71,10 @@ int __hfs_brec_find(struct hfs_bnode *bnode, struct hfs_find_data *fd)
67 if (rec != e && e >= 0) { 71 if (rec != e && e >= 0) {
68 len = hfs_brec_lenoff(bnode, e, &off); 72 len = hfs_brec_lenoff(bnode, e, &off);
69 keylen = hfs_brec_keylen(bnode, e); 73 keylen = hfs_brec_keylen(bnode, e);
74 if (keylen == 0) {
75 res = -EINVAL;
76 goto fail;
77 }
70 hfs_bnode_read(bnode, fd->key, off, keylen); 78 hfs_bnode_read(bnode, fd->key, off, keylen);
71 } 79 }
72done: 80done:
@@ -75,6 +83,7 @@ done:
75 fd->keylength = keylen; 83 fd->keylength = keylen;
76 fd->entryoffset = off + keylen; 84 fd->entryoffset = off + keylen;
77 fd->entrylength = len - keylen; 85 fd->entrylength = len - keylen;
86fail:
78 return res; 87 return res;
79} 88}
80 89
@@ -198,6 +207,10 @@ int hfs_brec_goto(struct hfs_find_data *fd, int cnt)
198 207
199 len = hfs_brec_lenoff(bnode, fd->record, &off); 208 len = hfs_brec_lenoff(bnode, fd->record, &off);
200 keylen = hfs_brec_keylen(bnode, fd->record); 209 keylen = hfs_brec_keylen(bnode, fd->record);
210 if (keylen == 0) {
211 res = -EINVAL;
212 goto out;
213 }
201 fd->keyoffset = off; 214 fd->keyoffset = off;
202 fd->keylength = keylen; 215 fd->keylength = keylen;
203 fd->entryoffset = off + keylen; 216 fd->entryoffset = off + keylen;
diff --git a/fs/hfsplus/brec.c b/fs/hfsplus/brec.c
index fa903641992f..790cd6a8605d 100644
--- a/fs/hfsplus/brec.c
+++ b/fs/hfsplus/brec.c
@@ -42,10 +42,21 @@ u16 hfs_brec_keylen(struct hfs_bnode *node, u16 rec)
42 recoff = hfs_bnode_read_u16(node, node->tree->node_size - (rec + 1) * 2); 42 recoff = hfs_bnode_read_u16(node, node->tree->node_size - (rec + 1) * 2);
43 if (!recoff) 43 if (!recoff)
44 return 0; 44 return 0;
45 if (node->tree->attributes & HFS_TREE_BIGKEYS) 45 if (node->tree->attributes & HFS_TREE_BIGKEYS) {
46 retval = hfs_bnode_read_u16(node, recoff) + 2; 46 retval = hfs_bnode_read_u16(node, recoff) + 2;
47 else 47 if (retval > node->tree->max_key_len + 2) {
48 printk(KERN_ERR "hfs: keylen %d too large\n",
49 retval);
50 retval = 0;
51 }
52 } else {
48 retval = (hfs_bnode_read_u8(node, recoff) | 1) + 1; 53 retval = (hfs_bnode_read_u8(node, recoff) | 1) + 1;
54 if (retval > node->tree->max_key_len + 1) {
55 printk(KERN_ERR "hfs: keylen %d too large\n",
56 retval);
57 retval = 0;
58 }
59 }
49 } 60 }
50 return retval; 61 return retval;
51} 62}
diff --git a/fs/hfsplus/btree.c b/fs/hfsplus/btree.c
index d4bd864ce108..82caff215e08 100644
--- a/fs/hfsplus/btree.c
+++ b/fs/hfsplus/btree.c
@@ -63,10 +63,23 @@ struct hfs_btree *hfs_btree_open(struct super_block *sb, u32 id)
63 tree->max_key_len = be16_to_cpu(head->max_key_len); 63 tree->max_key_len = be16_to_cpu(head->max_key_len);
64 tree->depth = be16_to_cpu(head->depth); 64 tree->depth = be16_to_cpu(head->depth);
65 65
66 /* Set the correct compare function */ 66 /* Verify the tree and set the correct compare function */
67 if (id == HFSPLUS_EXT_CNID) { 67 switch (id) {
68 case HFSPLUS_EXT_CNID:
69 if (tree->max_key_len != HFSPLUS_EXT_KEYLEN - sizeof(u16)) {
70 printk(KERN_ERR "hfs: invalid extent max_key_len %d\n",
71 tree->max_key_len);
72 goto fail_page;
73 }
68 tree->keycmp = hfsplus_ext_cmp_key; 74 tree->keycmp = hfsplus_ext_cmp_key;
69 } else if (id == HFSPLUS_CAT_CNID) { 75 break;
76 case HFSPLUS_CAT_CNID:
77 if (tree->max_key_len != HFSPLUS_CAT_KEYLEN - sizeof(u16)) {
78 printk(KERN_ERR "hfs: invalid catalog max_key_len %d\n",
79 tree->max_key_len);
80 goto fail_page;
81 }
82
70 if (test_bit(HFSPLUS_SB_HFSX, &HFSPLUS_SB(sb)->flags) && 83 if (test_bit(HFSPLUS_SB_HFSX, &HFSPLUS_SB(sb)->flags) &&
71 (head->key_type == HFSPLUS_KEY_BINARY)) 84 (head->key_type == HFSPLUS_KEY_BINARY))
72 tree->keycmp = hfsplus_cat_bin_cmp_key; 85 tree->keycmp = hfsplus_cat_bin_cmp_key;
@@ -74,7 +87,8 @@ struct hfs_btree *hfs_btree_open(struct super_block *sb, u32 id)
74 tree->keycmp = hfsplus_cat_case_cmp_key; 87 tree->keycmp = hfsplus_cat_case_cmp_key;
75 set_bit(HFSPLUS_SB_CASEFOLD, &HFSPLUS_SB(sb)->flags); 88 set_bit(HFSPLUS_SB_CASEFOLD, &HFSPLUS_SB(sb)->flags);
76 } 89 }
77 } else { 90 break;
91 default:
78 printk(KERN_ERR "hfs: unknown B*Tree requested\n"); 92 printk(KERN_ERR "hfs: unknown B*Tree requested\n");
79 goto fail_page; 93 goto fail_page;
80 } 94 }
@@ -84,6 +98,7 @@ struct hfs_btree *hfs_btree_open(struct super_block *sb, u32 id)
84 goto fail_page; 98 goto fail_page;
85 if (!tree->node_count) 99 if (!tree->node_count)
86 goto fail_page; 100 goto fail_page;
101
87 tree->node_size_shift = ffs(size) - 1; 102 tree->node_size_shift = ffs(size) - 1;
88 103
89 tree->pages_per_bnode = (tree->node_size + PAGE_CACHE_SIZE - 1) >> PAGE_CACHE_SHIFT; 104 tree->pages_per_bnode = (tree->node_size + PAGE_CACHE_SIZE - 1) >> PAGE_CACHE_SHIFT;
@@ -93,9 +108,9 @@ struct hfs_btree *hfs_btree_open(struct super_block *sb, u32 id)
93 return tree; 108 return tree;
94 109
95 fail_page: 110 fail_page:
96 tree->inode->i_mapping->a_ops = &hfsplus_aops;
97 page_cache_release(page); 111 page_cache_release(page);
98 free_inode: 112 free_inode:
113 tree->inode->i_mapping->a_ops = &hfsplus_aops;
99 iput(tree->inode); 114 iput(tree->inode);
100 free_tree: 115 free_tree:
101 kfree(tree); 116 kfree(tree);
diff --git a/fs/hfsplus/hfsplus_raw.h b/fs/hfsplus/hfsplus_raw.h
index fe99fe8db61a..6892899fd6fb 100644
--- a/fs/hfsplus/hfsplus_raw.h
+++ b/fs/hfsplus/hfsplus_raw.h
@@ -200,6 +200,7 @@ struct hfsplus_cat_key {
200 struct hfsplus_unistr name; 200 struct hfsplus_unistr name;
201} __packed; 201} __packed;
202 202
203#define HFSPLUS_CAT_KEYLEN (sizeof(struct hfsplus_cat_key))
203 204
204/* Structs from hfs.h */ 205/* Structs from hfs.h */
205struct hfsp_point { 206struct hfsp_point {
@@ -323,7 +324,7 @@ struct hfsplus_ext_key {
323 __be32 start_block; 324 __be32 start_block;
324} __packed; 325} __packed;
325 326
326#define HFSPLUS_EXT_KEYLEN 12 327#define HFSPLUS_EXT_KEYLEN sizeof(struct hfsplus_ext_key)
327 328
328/* HFS+ generic BTree key */ 329/* HFS+ generic BTree key */
329typedef union { 330typedef union {
generated by cgit v1.2.2 (git 2.25.0) at 2026-03-04 12:18:00 -0500