
[PATCH] xfs: Fix possible memory corruption in xfs_readlink

To: xfs@xxxxxxxxxxx
Subject: [PATCH] xfs: Fix possible memory corruption in xfs_readlink
From: Carlos Maiolino <cmaiolino@xxxxxxxxxx>
Date: Mon, 17 Oct 2011 12:52:48 -0200
Cc: Carlos Maiolino <cmaiolino@xxxxxxxxxx>
In-reply-to: <20111016234121.GS3159@dastard>
References: <20111016234121.GS3159@dastard>
This patch fixes a possible memory corruption when
the link is larger than MAXPATHLEN and XFS_DEBUG
is not enabled. This also uses S_IFLNK to check
the link not only in DEBUG mode.

Signed-off-by: Carlos Maiolino <cmaiolino@xxxxxxxxxx>
---
 fs/xfs/xfs_vnodeops.c |    9 +++++++--
 1 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/fs/xfs/xfs_vnodeops.c b/fs/xfs/xfs_vnodeops.c
index 51fc429..c9721d7 100644
--- a/fs/xfs/xfs_vnodeops.c
+++ b/fs/xfs/xfs_vnodeops.c
@@ -123,8 +123,13 @@ xfs_readlink(
 
        xfs_ilock(ip, XFS_ILOCK_SHARED);
 
-       ASSERT(S_ISLNK(ip->i_d.di_mode));
-       ASSERT(ip->i_d.di_size <= MAXPATHLEN);
+       if (!(S_ISLNK(ip->i_d.di_mode)) || !(ip->i_d.di_size <= MAXPATHLEN )){
+
+               xfs_emerg(mp, "inode (%lld), link too long or not a link"
+                        (unsigned long long)ip->i_no);
+               ASSERT(0);
+               return XFS_ERROR(EFSCORRUPTED);
+       }
 
        pathlen = ip->i_d.di_size;
        if (!pathlen)
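
Review bot: the new error branch returns with the inode lock still held. xfs_ilock(ip, XFS_ILOCK_SHARED) is taken immediately above the check, and `return XFS_ERROR(EFSCORRUPTED);` leaves the function without a matching unlock, so a corrupted symlink inode would leak the shared ILOCK on every readlink. Drop the lock before returning on this path. The xfs_emerg() call also cannot compile as posted: there is no comma between the format string and the `(unsigned long long)ip->i_no` argument, and the `%lld` conversion is paired with an unsigned cast, where `%llu` would match. On style, the condition is easier to read without the double negation, as `!S_ISLNK(ip->i_d.di_mode) || ip->i_d.di_size > MAXPATHLEN`; the blank line after the opening brace and the space before the closing parenthesis should go, and `{` needs a space before it.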
-- 
1.7.6.2
