diff options
Diffstat (limited to 'fs/udf/symlink.c')
| -rw-r--r-- | fs/udf/symlink.c | 57 |
1 files changed, 46 insertions, 11 deletions
diff --git a/fs/udf/symlink.c b/fs/udf/symlink.c index 6fb7945c1e6e..ac10ca939f26 100644 --- a/fs/udf/symlink.c +++ b/fs/udf/symlink.c | |||
| @@ -30,49 +30,73 @@ | |||
| 30 | #include <linux/buffer_head.h> | 30 | #include <linux/buffer_head.h> |
| 31 | #include "udf_i.h" | 31 | #include "udf_i.h" |
| 32 | 32 | ||
| 33 | static void udf_pc_to_char(struct super_block *sb, unsigned char *from, | 33 | static int udf_pc_to_char(struct super_block *sb, unsigned char *from, |
| 34 | int fromlen, unsigned char *to) | 34 | int fromlen, unsigned char *to, int tolen) |
| 35 | { | 35 | { |
| 36 | struct pathComponent *pc; | 36 | struct pathComponent *pc; |
| 37 | int elen = 0; | 37 | int elen = 0; |
| 38 | int comp_len; | ||
| 38 | unsigned char *p = to; | 39 | unsigned char *p = to; |
| 39 | 40 | ||
| 41 | /* Reserve one byte for terminating \0 */ | ||
| 42 | tolen--; | ||
| 40 | while (elen < fromlen) { | 43 | while (elen < fromlen) { |
| 41 | pc = (struct pathComponent *)(from + elen); | 44 | pc = (struct pathComponent *)(from + elen); |
| 45 | elen += sizeof(struct pathComponent); | ||
| 42 | switch (pc->componentType) { | 46 | switch (pc->componentType) { |
| 43 | case 1: | 47 | case 1: |
| 44 | /* | 48 | /* |
| 45 | * Symlink points to some place which should be agreed | 49 | * Symlink points to some place which should be agreed |
| 46 | * upon between originator and receiver of the media. Ignore. | 50 | * upon between originator and receiver of the media. Ignore. |
| 47 | */ | 51 | */ |
| 48 | if (pc->lengthComponentIdent > 0) | 52 | if (pc->lengthComponentIdent > 0) { |
| 53 | elen += pc->lengthComponentIdent; | ||
| 49 | break; | 54 | break; |
| 55 | } | ||
| 50 | /* Fall through */ | 56 | /* Fall through */ |
| 51 | case 2: | 57 | case 2: |
| 58 | if (tolen == 0) | ||
| 59 | return -ENAMETOOLONG; | ||
| 52 | p = to; | 60 | p = to; |
| 53 | *p++ = '/'; | 61 | *p++ = '/'; |
| 62 | tolen--; | ||
| 54 | break; | 63 | break; |
| 55 | case 3: | 64 | case 3: |
| 65 | if (tolen < 3) | ||
| 66 | return -ENAMETOOLONG; | ||
| 56 | memcpy(p, "../", 3); | 67 | memcpy(p, "../", 3); |
| 57 | p += 3; | 68 | p += 3; |
| 69 | tolen -= 3; | ||
| 58 | break; | 70 | break; |
| 59 | case 4: | 71 | case 4: |
| 72 | if (tolen < 2) | ||
| 73 | return -ENAMETOOLONG; | ||
| 60 | memcpy(p, "./", 2); | 74 | memcpy(p, "./", 2); |
| 61 | p += 2; | 75 | p += 2; |
| 76 | tolen -= 2; | ||
| 62 | /* that would be . - just ignore */ | 77 | /* that would be . - just ignore */ |
| 63 | break; | 78 | break; |
| 64 | case 5: | 79 | case 5: |
| 65 | p += udf_get_filename(sb, pc->componentIdent, p, | 80 | elen += pc->lengthComponentIdent; |
| 66 | pc->lengthComponentIdent); | 81 | if (elen > fromlen) |
| 82 | return -EIO; | ||
| 83 | comp_len = udf_get_filename(sb, pc->componentIdent, | ||
| 84 | pc->lengthComponentIdent, | ||
| 85 | p, tolen); | ||
| 86 | p += comp_len; | ||
| 87 | tolen -= comp_len; | ||
| 88 | if (tolen == 0) | ||
| 89 | return -ENAMETOOLONG; | ||
| 67 | *p++ = '/'; | 90 | *p++ = '/'; |
| 91 | tolen--; | ||
| 68 | break; | 92 | break; |
| 69 | } | 93 | } |
| 70 | elen += sizeof(struct pathComponent) + pc->lengthComponentIdent; | ||
| 71 | } | 94 | } |
| 72 | if (p > to + 1) | 95 | if (p > to + 1) |
| 73 | p[-1] = '\0'; | 96 | p[-1] = '\0'; |
| 74 | else | 97 | else |
| 75 | p[0] = '\0'; | 98 | p[0] = '\0'; |
| 99 | return 0; | ||
| 76 | } | 100 | } |
| 77 | 101 | ||
| 78 | static int udf_symlink_filler(struct file *file, struct page *page) | 102 | static int udf_symlink_filler(struct file *file, struct page *page) |
| @@ -80,11 +104,17 @@ static int udf_symlink_filler(struct file *file, struct page *page) | |||
| 80 | struct inode *inode = page->mapping->host; | 104 | struct inode *inode = page->mapping->host; |
| 81 | struct buffer_head *bh = NULL; | 105 | struct buffer_head *bh = NULL; |
| 82 | unsigned char *symlink; | 106 | unsigned char *symlink; |
| 83 | int err = -EIO; | 107 | int err; |
| 84 | unsigned char *p = kmap(page); | 108 | unsigned char *p = kmap(page); |
| 85 | struct udf_inode_info *iinfo; | 109 | struct udf_inode_info *iinfo; |
| 86 | uint32_t pos; | 110 | uint32_t pos; |
| 87 | 111 | ||
| 112 | /* We don't support symlinks longer than one block */ | ||
| 113 | if (inode->i_size > inode->i_sb->s_blocksize) { | ||
| 114 | err = -ENAMETOOLONG; | ||
| 115 | goto out_unmap; | ||
| 116 | } | ||
| 117 | |||
| 88 | iinfo = UDF_I(inode); | 118 | iinfo = UDF_I(inode); |
| 89 | pos = udf_block_map(inode, 0); | 119 | pos = udf_block_map(inode, 0); |
| 90 | 120 | ||
| @@ -94,14 +124,18 @@ static int udf_symlink_filler(struct file *file, struct page *page) | |||
| 94 | } else { | 124 | } else { |
| 95 | bh = sb_bread(inode->i_sb, pos); | 125 | bh = sb_bread(inode->i_sb, pos); |
| 96 | 126 | ||
| 97 | if (!bh) | 127 | if (!bh) { |
| 98 | goto out; | 128 | err = -EIO; |
| 129 | goto out_unlock_inode; | ||
| 130 | } | ||
| 99 | 131 | ||
| 100 | symlink = bh->b_data; | 132 | symlink = bh->b_data; |
| 101 | } | 133 | } |
| 102 | 134 | ||
| 103 | udf_pc_to_char(inode->i_sb, symlink, inode->i_size, p); | 135 | err = udf_pc_to_char(inode->i_sb, symlink, inode->i_size, p, PAGE_SIZE); |
| 104 | brelse(bh); | 136 | brelse(bh); |
| 137 | if (err) | ||
| 138 | goto out_unlock_inode; | ||
| 105 | 139 | ||
| 106 | up_read(&iinfo->i_data_sem); | 140 | up_read(&iinfo->i_data_sem); |
| 107 | SetPageUptodate(page); | 141 | SetPageUptodate(page); |
| @@ -109,9 +143,10 @@ static int udf_symlink_filler(struct file *file, struct page *page) | |||
| 109 | unlock_page(page); | 143 | unlock_page(page); |
| 110 | return 0; | 144 | return 0; |
| 111 | 145 | ||
| 112 | out: | 146 | out_unlock_inode: |
| 113 | up_read(&iinfo->i_data_sem); | 147 | up_read(&iinfo->i_data_sem); |
| 114 | SetPageError(page); | 148 | SetPageError(page); |
| 149 | out_unmap: | ||
| 115 | kunmap(page); | 150 | kunmap(page); |
| 116 | unlock_page(page); | 151 | unlock_page(page); |
| 117 | return err; | 152 | return err; |