[RFC 2/2] ext2: fix rec_len overflow

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



This patch limits ext2_dir_entry_2->rec_len to 65532 to prevent from
overflow with 64KB blocksize.


Signed-off-by: Takashi Sato [email protected]
---
diff -upNr -X linux-2.6.17-rc6/Documentation/dontdiff linux-2.6.17-rc6/fs/ext2/dir.c linux-2.6.17-rc6.tmp/fs/ext2/dir.c
--- linux-2.6.17-rc6/fs/ext2/dir.c	2006-06-27 09:05:11.000000000 +0900
+++ linux-2.6.17-rc6.tmp/fs/ext2/dir.c	2006-06-27 09:05:35.000000000 +0900
@@ -461,13 +461,21 @@ int ext2_add_link (struct dentry *dentry
 		kaddr = page_address(page);
 		dir_end = kaddr + ext2_last_byte(dir, n);
 		de = (ext2_dirent *)kaddr;
-		kaddr += PAGE_CACHE_SIZE - reclen;
+		if (chunk_size < EXT2_RECLEN_MAX  )
+			kaddr += PAGE_CACHE_SIZE - reclen;
+		else
+			kaddr += EXT2_RECLEN_MAX - reclen;
 		while ((char *)de <= kaddr) {
 			if ((char *)de == dir_end) {
 				/* We hit i_size */
 				name_len = 0;
-				rec_len = chunk_size;
-				de->rec_len = cpu_to_le16(chunk_size);
+				if (chunk_size < EXT2_RECLEN_MAX) {
+					rec_len = chunk_size;
+					de->rec_len = cpu_to_le16(chunk_size);
+				} else {
+					rec_len = EXT2_RECLEN_MAX;
+					de->rec_len = cpu_to_le16(EXT2_RECLEN_MAX);
+				}
 				de->inode = 0;
 				goto got_it;
 			}
diff -upNr -X linux-2.6.17-rc6/Documentation/dontdiff linux-2.6.17-rc6/include/linux/ext2_fs.h linux-2.6.17-rc6.tmp/include/linux/ext2_fs.h
--- linux-2.6.17-rc6/include/linux/ext2_fs.h	2006-06-27 09:05:15.000000000 +0900
+++ linux-2.6.17-rc6.tmp/include/linux/ext2_fs.h	2006-06-27 08:49:16.000000000 +0900
@@ -87,11 +87,16 @@ static inline struct ext2_sb_info *EXT2_
 #define EXT2_LINK_MAX		32000
 
 /*
+ * Maximal size of directory entry record length
+ */
+#define EXT2_RECLEN_MAX		65532
+
+/*
  * Macro-instructions used to manage several block sizes
  */
 #define EXT2_MIN_BLOCK_SIZE		1024
-#define	EXT2_MAX_BLOCK_SIZE		4096
-#define EXT2_MIN_BLOCK_LOG_SIZE		  10
+#define	EXT2_MAX_BLOCK_SIZE		65636
+#define EXT2_MIN_BLOCK_LOG_SIZE		10
 #ifdef __KERNEL__
 # define EXT2_BLOCK_SIZE(s)		((s)->s_blocksize)
 #else


Cheers, sho


-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]
  Powered by Linux