aboutsummaryrefslogtreecommitdiffstats
path: root/fs
diff options
context:
space:
mode:
Diffstat (limited to 'fs')
-rw-r--r--fs/squashfs/block.c3
-rw-r--r--fs/squashfs/dir.c7
-rw-r--r--fs/squashfs/namei.c5
-rw-r--r--fs/squashfs/squashfs_fs.h19
-rw-r--r--fs/squashfs/super.c5
5 files changed, 15 insertions, 24 deletions
diff --git a/fs/squashfs/block.c b/fs/squashfs/block.c
index ed0eb2a921f4..fb50652e4e11 100644
--- a/fs/squashfs/block.c
+++ b/fs/squashfs/block.c
@@ -83,7 +83,8 @@ static struct buffer_head *get_block_length(struct super_block *sb,
83 * filesystem), otherwise the length is obtained from the first two bytes of 83 * filesystem), otherwise the length is obtained from the first two bytes of
84 * the metadata block. A bit in the length field indicates if the block 84 * the metadata block. A bit in the length field indicates if the block
85 * is stored uncompressed in the filesystem (usually because compression 85 * is stored uncompressed in the filesystem (usually because compression
86 * generated a larger block - this does occasionally happen with zlib). 86 * generated a larger block - this does occasionally happen with compression
87 * algorithms).
87 */ 88 */
88int squashfs_read_data(struct super_block *sb, void **buffer, u64 index, 89int squashfs_read_data(struct super_block *sb, void **buffer, u64 index,
89 int length, u64 *next_index, int srclength, int pages) 90 int length, u64 *next_index, int srclength, int pages)
diff --git a/fs/squashfs/dir.c b/fs/squashfs/dir.c
index 9dfe2ce0fb70..b381305c9a47 100644
--- a/fs/squashfs/dir.c
+++ b/fs/squashfs/dir.c
@@ -64,7 +64,7 @@ static int get_dir_index_using_offset(struct super_block *sb,
64 * is offset by 3 because we invent "." and ".." entries which are 64 * is offset by 3 because we invent "." and ".." entries which are
65 * not actually stored in the directory. 65 * not actually stored in the directory.
66 */ 66 */
67 if (f_pos < 3) 67 if (f_pos <= 3)
68 return f_pos; 68 return f_pos;
69 f_pos -= 3; 69 f_pos -= 3;
70 70
@@ -105,7 +105,7 @@ static int squashfs_readdir(struct file *file, void *dirent, filldir_t filldir)
105 struct inode *inode = file->f_dentry->d_inode; 105 struct inode *inode = file->f_dentry->d_inode;
106 struct squashfs_sb_info *msblk = inode->i_sb->s_fs_info; 106 struct squashfs_sb_info *msblk = inode->i_sb->s_fs_info;
107 u64 block = squashfs_i(inode)->start + msblk->directory_table; 107 u64 block = squashfs_i(inode)->start + msblk->directory_table;
108 int offset = squashfs_i(inode)->offset, length = 0, dir_count, size, 108 int offset = squashfs_i(inode)->offset, length, dir_count, size,
109 type, err; 109 type, err;
110 unsigned int inode_number; 110 unsigned int inode_number;
111 struct squashfs_dir_header dirh; 111 struct squashfs_dir_header dirh;
@@ -173,8 +173,7 @@ static int squashfs_readdir(struct file *file, void *dirent, filldir_t filldir)
173 173
174 dir_count = le32_to_cpu(dirh.count) + 1; 174 dir_count = le32_to_cpu(dirh.count) + 1;
175 175
176 /* dir_count should never be larger than 256 */ 176 if (dir_count > SQUASHFS_DIR_COUNT)
177 if (dir_count > 256)
178 goto failed_read; 177 goto failed_read;
179 178
180 while (dir_count--) { 179 while (dir_count--) {
diff --git a/fs/squashfs/namei.c b/fs/squashfs/namei.c
index 0682b38d7e31..abcc58f3c152 100644
--- a/fs/squashfs/namei.c
+++ b/fs/squashfs/namei.c
@@ -144,7 +144,7 @@ static struct dentry *squashfs_lookup(struct inode *dir, struct dentry *dentry,
144 struct squashfs_dir_entry *dire; 144 struct squashfs_dir_entry *dire;
145 u64 block = squashfs_i(dir)->start + msblk->directory_table; 145 u64 block = squashfs_i(dir)->start + msblk->directory_table;
146 int offset = squashfs_i(dir)->offset; 146 int offset = squashfs_i(dir)->offset;
147 int err, length = 0, dir_count, size; 147 int err, length, dir_count, size;
148 148
149 TRACE("Entered squashfs_lookup [%llx:%x]\n", block, offset); 149 TRACE("Entered squashfs_lookup [%llx:%x]\n", block, offset);
150 150
@@ -177,8 +177,7 @@ static struct dentry *squashfs_lookup(struct inode *dir, struct dentry *dentry,
177 177
178 dir_count = le32_to_cpu(dirh.count) + 1; 178 dir_count = le32_to_cpu(dirh.count) + 1;
179 179
180 /* dir_count should never be larger than 256 */ 180 if (dir_count > SQUASHFS_DIR_COUNT)
181 if (dir_count > 256)
182 goto data_error; 181 goto data_error;
183 182
184 while (dir_count--) { 183 while (dir_count--) {
diff --git a/fs/squashfs/squashfs_fs.h b/fs/squashfs/squashfs_fs.h
index e8e14645de9a..9e2349d07cb1 100644
--- a/fs/squashfs/squashfs_fs.h
+++ b/fs/squashfs/squashfs_fs.h
@@ -30,11 +30,6 @@
30 30
31/* size of metadata (inode and directory) blocks */ 31/* size of metadata (inode and directory) blocks */
32#define SQUASHFS_METADATA_SIZE 8192 32#define SQUASHFS_METADATA_SIZE 8192
33#define SQUASHFS_METADATA_LOG 13
34
35/* default size of data blocks */
36#define SQUASHFS_FILE_SIZE 131072
37#define SQUASHFS_FILE_LOG 17
38 33
39/* default size of block device I/O */ 34/* default size of block device I/O */
40#ifdef CONFIG_SQUASHFS_4K_DEVBLK_SIZE 35#ifdef CONFIG_SQUASHFS_4K_DEVBLK_SIZE
@@ -46,12 +41,12 @@
46#define SQUASHFS_FILE_MAX_SIZE 1048576 41#define SQUASHFS_FILE_MAX_SIZE 1048576
47#define SQUASHFS_FILE_MAX_LOG 20 42#define SQUASHFS_FILE_MAX_LOG 20
48 43
49/* Max number of uids and gids */
50#define SQUASHFS_IDS 65536
51
52/* Max length of filename (not 255) */ 44/* Max length of filename (not 255) */
53#define SQUASHFS_NAME_LEN 256 45#define SQUASHFS_NAME_LEN 256
54 46
47/* Max value for directory header count*/
48#define SQUASHFS_DIR_COUNT 256
49
55#define SQUASHFS_INVALID_FRAG (0xffffffffU) 50#define SQUASHFS_INVALID_FRAG (0xffffffffU)
56#define SQUASHFS_INVALID_XATTR (0xffffffffU) 51#define SQUASHFS_INVALID_XATTR (0xffffffffU)
57#define SQUASHFS_INVALID_BLK (-1LL) 52#define SQUASHFS_INVALID_BLK (-1LL)
@@ -142,9 +137,6 @@
142#define SQUASHFS_MKINODE(A, B) ((long long)(((long long) (A)\ 137#define SQUASHFS_MKINODE(A, B) ((long long)(((long long) (A)\
143 << 16) + (B))) 138 << 16) + (B)))
144 139
145/* Translate between VFS mode and squashfs mode */
146#define SQUASHFS_MODE(A) ((A) & 0xfff)
147
148/* fragment and fragment table defines */ 140/* fragment and fragment table defines */
149#define SQUASHFS_FRAGMENT_BYTES(A) \ 141#define SQUASHFS_FRAGMENT_BYTES(A) \
150 ((A) * sizeof(struct squashfs_fragment_entry)) 142 ((A) * sizeof(struct squashfs_fragment_entry))
@@ -215,11 +207,6 @@
215/* cached data constants for filesystem */ 207/* cached data constants for filesystem */
216#define SQUASHFS_CACHED_BLKS 8 208#define SQUASHFS_CACHED_BLKS 8
217 209
218#define SQUASHFS_MAX_FILE_SIZE_LOG 64
219
220#define SQUASHFS_MAX_FILE_SIZE (1LL << \
221 (SQUASHFS_MAX_FILE_SIZE_LOG - 2))
222
223/* meta index cache */ 210/* meta index cache */
224#define SQUASHFS_META_INDEXES (SQUASHFS_METADATA_SIZE / sizeof(unsigned int)) 211#define SQUASHFS_META_INDEXES (SQUASHFS_METADATA_SIZE / sizeof(unsigned int))
225#define SQUASHFS_META_ENTRIES 127 212#define SQUASHFS_META_ENTRIES 127
diff --git a/fs/squashfs/super.c b/fs/squashfs/super.c
index 970b1167e7cb..29cd014ed3a1 100644
--- a/fs/squashfs/super.c
+++ b/fs/squashfs/super.c
@@ -158,10 +158,15 @@ static int squashfs_fill_super(struct super_block *sb, void *data, int silent)
158 goto failed_mount; 158 goto failed_mount;
159 } 159 }
160 160
161 /* Check block log for sanity */
161 msblk->block_log = le16_to_cpu(sblk->block_log); 162 msblk->block_log = le16_to_cpu(sblk->block_log);
162 if (msblk->block_log > SQUASHFS_FILE_MAX_LOG) 163 if (msblk->block_log > SQUASHFS_FILE_MAX_LOG)
163 goto failed_mount; 164 goto failed_mount;
164 165
166 /* Check that block_size and block_log match */
167 if (msblk->block_size != (1 << msblk->block_log))
168 goto failed_mount;
169
165 /* Check the root inode for sanity */ 170 /* Check the root inode for sanity */
166 root_inode = le64_to_cpu(sblk->root_inode); 171 root_inode = le64_to_cpu(sblk->root_inode);
167 if (SQUASHFS_INODE_OFFSET(root_inode) > SQUASHFS_METADATA_SIZE) 172 if (SQUASHFS_INODE_OFFSET(root_inode) > SQUASHFS_METADATA_SIZE)