diff options
Diffstat (limited to 'fs/jffs2/summary.c')
| -rw-r--r-- | fs/jffs2/summary.c | 30 |
1 files changed, 22 insertions, 8 deletions
diff --git a/fs/jffs2/summary.c b/fs/jffs2/summary.c index d828b296392a..629af01e5ade 100644 --- a/fs/jffs2/summary.c +++ b/fs/jffs2/summary.c | |||
| @@ -2,10 +2,10 @@ | |||
| 2 | * JFFS2 -- Journalling Flash File System, Version 2. | 2 | * JFFS2 -- Journalling Flash File System, Version 2. |
| 3 | * | 3 | * |
| 4 | * Copyright © 2004 Ferenc Havasi <havasi@inf.u-szeged.hu>, | 4 | * Copyright © 2004 Ferenc Havasi <havasi@inf.u-szeged.hu>, |
| 5 | * Zoltan Sogor <weth@inf.u-szeged.hu>, | 5 | * Zoltan Sogor <weth@inf.u-szeged.hu>, |
| 6 | * Patrik Kluba <pajko@halom.u-szeged.hu>, | 6 | * Patrik Kluba <pajko@halom.u-szeged.hu>, |
| 7 | * University of Szeged, Hungary | 7 | * University of Szeged, Hungary |
| 8 | * 2006 KaiGai Kohei <kaigai@ak.jp.nec.com> | 8 | * 2006 KaiGai Kohei <kaigai@ak.jp.nec.com> |
| 9 | * | 9 | * |
| 10 | * For licensing information, see the file 'LICENCE' in this directory. | 10 | * For licensing information, see the file 'LICENCE' in this directory. |
| 11 | * | 11 | * |
| @@ -429,6 +429,7 @@ static int jffs2_sum_process_sum_data(struct jffs2_sb_info *c, struct jffs2_eras | |||
| 429 | 429 | ||
| 430 | case JFFS2_NODETYPE_DIRENT: { | 430 | case JFFS2_NODETYPE_DIRENT: { |
| 431 | struct jffs2_sum_dirent_flash *spd; | 431 | struct jffs2_sum_dirent_flash *spd; |
| 432 | int checkedlen; | ||
| 432 | spd = sp; | 433 | spd = sp; |
| 433 | 434 | ||
| 434 | dbg_summary("Dirent at 0x%08x-0x%08x\n", | 435 | dbg_summary("Dirent at 0x%08x-0x%08x\n", |
| @@ -436,12 +437,25 @@ static int jffs2_sum_process_sum_data(struct jffs2_sb_info *c, struct jffs2_eras | |||
| 436 | jeb->offset + je32_to_cpu(spd->offset) + je32_to_cpu(spd->totlen)); | 437 | jeb->offset + je32_to_cpu(spd->offset) + je32_to_cpu(spd->totlen)); |
| 437 | 438 | ||
| 438 | 439 | ||
| 439 | fd = jffs2_alloc_full_dirent(spd->nsize+1); | 440 | /* This should never happen, but https://dev.laptop.org/ticket/4184 */ |
| 441 | checkedlen = strnlen(spd->name, spd->nsize); | ||
| 442 | if (!checkedlen) { | ||
| 443 | printk(KERN_ERR "Dirent at %08x has zero at start of name. Aborting mount.\n", | ||
| 444 | jeb->offset + je32_to_cpu(spd->offset)); | ||
| 445 | return -EIO; | ||
| 446 | } | ||
| 447 | if (checkedlen < spd->nsize) { | ||
| 448 | printk(KERN_ERR "Dirent at %08x has zeroes in name. Truncating to %d chars\n", | ||
| 449 | jeb->offset + je32_to_cpu(spd->offset), checkedlen); | ||
| 450 | } | ||
| 451 | |||
| 452 | |||
| 453 | fd = jffs2_alloc_full_dirent(checkedlen+1); | ||
| 440 | if (!fd) | 454 | if (!fd) |
| 441 | return -ENOMEM; | 455 | return -ENOMEM; |
| 442 | 456 | ||
| 443 | memcpy(&fd->name, spd->name, spd->nsize); | 457 | memcpy(&fd->name, spd->name, checkedlen); |
| 444 | fd->name[spd->nsize] = 0; | 458 | fd->name[checkedlen] = 0; |
| 445 | 459 | ||
| 446 | ic = jffs2_scan_make_ino_cache(c, je32_to_cpu(spd->pino)); | 460 | ic = jffs2_scan_make_ino_cache(c, je32_to_cpu(spd->pino)); |
| 447 | if (!ic) { | 461 | if (!ic) { |
| @@ -455,7 +469,7 @@ static int jffs2_sum_process_sum_data(struct jffs2_sb_info *c, struct jffs2_eras | |||
| 455 | fd->next = NULL; | 469 | fd->next = NULL; |
| 456 | fd->version = je32_to_cpu(spd->version); | 470 | fd->version = je32_to_cpu(spd->version); |
| 457 | fd->ino = je32_to_cpu(spd->ino); | 471 | fd->ino = je32_to_cpu(spd->ino); |
| 458 | fd->nhash = full_name_hash(fd->name, spd->nsize); | 472 | fd->nhash = full_name_hash(fd->name, checkedlen); |
| 459 | fd->type = spd->type; | 473 | fd->type = spd->type; |
| 460 | 474 | ||
| 461 | jffs2_add_fd_to_list(c, fd, &ic->scan_dents); | 475 | jffs2_add_fd_to_list(c, fd, &ic->scan_dents); |