[RFC 2/2] ext2: fix rec_len overflow

From: sho
Date: Wed Jun 28 2006 - 07:54:31 EST

Next message: Nigel Cunningham: "Re: x86_64 restore_image declaration needs asmlinkage?"
Previous message: Rafael J. Wysocki: "Re: x86_64 restore_image declaration needs asmlinkage?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This patch limits ext2_dir_entry_2->rec_len to 65532 to prevent from
overflow with 64KB blocksize.

Signed-off-by: Takashi Sato sho@xxxxxxxxxxxxxx
---
diff -upNr -X linux-2.6.17-rc6/Documentation/dontdiff linux-2.6.17-rc6/fs/ext2/dir.c linux-2.6.17-rc6.tmp/fs/ext2/dir.c
--- linux-2.6.17-rc6/fs/ext2/dir.c 2006-06-27 09:05:11.000000000 +0900
+++ linux-2.6.17-rc6.tmp/fs/ext2/dir.c 2006-06-27 09:05:35.000000000 +0900
@@ -461,13 +461,21 @@ int ext2_add_link (struct dentry *dentry
kaddr = page_address(page);
dir_end = kaddr + ext2_last_byte(dir, n);
de = (ext2_dirent *)kaddr;
- kaddr += PAGE_CACHE_SIZE - reclen;
+ if (chunk_size < EXT2_RECLEN_MAX )
+ kaddr += PAGE_CACHE_SIZE - reclen;
+ else
+ kaddr += EXT2_RECLEN_MAX - reclen;
while ((char *)de <= kaddr) {
if ((char *)de == dir_end) {
/* We hit i_size */
name_len = 0;
- rec_len = chunk_size;
- de->rec_len = cpu_to_le16(chunk_size);
+ if (chunk_size < EXT2_RECLEN_MAX) {
+ rec_len = chunk_size;
+ de->rec_len = cpu_to_le16(chunk_size);
+ } else {
+ rec_len = EXT2_RECLEN_MAX;
+ de->rec_len = cpu_to_le16(EXT2_RECLEN_MAX);
+ }
de->inode = 0;
goto got_it;
}
diff -upNr -X linux-2.6.17-rc6/Documentation/dontdiff linux-2.6.17-rc6/include/linux/ext2_fs.h linux-2.6.17-rc6.tmp/include/linux/ext2_fs.h
--- linux-2.6.17-rc6/include/linux/ext2_fs.h 2006-06-27 09:05:15.000000000 +0900
+++ linux-2.6.17-rc6.tmp/include/linux/ext2_fs.h 2006-06-27 08:49:16.000000000 +0900
@@ -87,11 +87,16 @@ static inline struct ext2_sb_info *EXT2_
#define EXT2_LINK_MAX 32000

/*
+ * Maximal size of directory entry record length
+ */
+#define EXT2_RECLEN_MAX 65532
+
+/*
* Macro-instructions used to manage several block sizes
*/
#define EXT2_MIN_BLOCK_SIZE 1024
-#define EXT2_MAX_BLOCK_SIZE 4096
-#define EXT2_MIN_BLOCK_LOG_SIZE 10
+#define EXT2_MAX_BLOCK_SIZE 65636
+#define EXT2_MIN_BLOCK_LOG_SIZE 10
#ifdef __KERNEL__
# define EXT2_BLOCK_SIZE(s) ((s)->s_blocksize)
#else

Cheers, sho

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Nigel Cunningham: "Re: x86_64 restore_image declaration needs asmlinkage?"
Previous message: Rafael J. Wysocki: "Re: x86_64 restore_image declaration needs asmlinkage?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]