Doug / smarc-fsl-linux-kernel

Download as
Browse Code ยป

Commit 338d0f0a6fbc82407864606f5b64b75aeb3c70f2

Authored by Timo Warns
Committed by Linus Torvalds
1 parent b4fd4ae6c6
Exists in master and in 6 other branches imx_3.10.17_1.0.1_ga, imx_3.10.53_1.1.0_ga, imx_3.14.28_1.0.0_ga, smarc-imx_3.10.53_1.1.0_ga, smarc-imx_3.14.28_1.0.0_ga, smarc-l5.0.0_1.0.0-ga

befs: Validate length of long symbolic links. 

Signed-off-by: Timo Warns <warns@pre-sense.de>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

Showing 1 changed file with 14 additions and 9 deletions Side-by-side Diff

... ... @@ -474,17 +474,22 @@
474 474 befs_data_stream *data = &befs_ino->i_data.ds;
475 475 befs_off_t len = data->size;
476 476  
477   - befs_debug(sb, "Follow long symlink");
478   -
479   - link = kmalloc(len, GFP_NOFS);
480   - if (!link) {
481   - link = ERR_PTR(-ENOMEM);
482   - } else if (befs_read_lsymlink(sb, data, link, len) != len) {
483   - kfree(link);
484   - befs_error(sb, "Failed to read entire long symlink");
  477 + if (len == 0) {
  478 + befs_error(sb, "Long symlink with illegal length");
485 479 link = ERR_PTR(-EIO);
486 480 } else {
487   - link[len - 1] = '\0';
  481 + befs_debug(sb, "Follow long symlink");
  482 +
  483 + link = kmalloc(len, GFP_NOFS);
  484 + if (!link) {
  485 + link = ERR_PTR(-ENOMEM);
  486 + } else if (befs_read_lsymlink(sb, data, link, len) != len) {
  487 + kfree(link);
  488 + befs_error(sb, "Failed to read entire long symlink");
  489 + link = ERR_PTR(-EIO);
  490 + } else {
  491 + link[len - 1] = '\0';
  492 + }
488 493 }
489 494 } else {
490 495 link = befs_ino->i_data.symlink;