| To: | xfs@xxxxxxxxxxx |
|---|---|
| Subject: | [PATCH] xfs: Fix possible memory corruption in xfs_readlink |
| From: | Carlos Maiolino <cmaiolino@xxxxxxxxxx> |
| Date: | Mon, 17 Oct 2011 12:52:48 -0200 |
| Cc: | Carlos Maiolino <cmaiolino@xxxxxxxxxx> |
| In-reply-to: | <20111016234121.GS3159@dastard> |
| References: | <20111016234121.GS3159@dastard> |
This patch fix a possible memory corruption when
the link is larger than MAXPATHLEN and XFS_DEBUG
is not enabled. This also uses S_IFLNK to check
link not only in DEBUG mode.
Signed-off-by: Carlos Maiolino <cmaiolino@xxxxxxxxxx>
---
fs/xfs/xfs_vnodeops.c | 9 +++++++--
1 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/fs/xfs/xfs_vnodeops.c b/fs/xfs/xfs_vnodeops.c
index 51fc429..c9721d7 100644
--- a/fs/xfs/xfs_vnodeops.c
+++ b/fs/xfs/xfs_vnodeops.c
@@ -123,8 +123,13 @@ xfs_readlink(
xfs_ilock(ip, XFS_ILOCK_SHARED);
- ASSERT(S_ISLNK(ip->i_d.di_mode));
- ASSERT(ip->i_d.di_size <= MAXPATHLEN);
+ if (!(S_ISLNK(ip->i_d.di_mode)) || !(ip->i_d.di_size <= MAXPATHLEN )){
+
+ xfs_emerg(mp, "inode (%lld), link too long or not a link"
+ (unsigned long long)ip->i_no);
+ ASSERT(0);
+ return XFS_ERROR(EFSCORRUPTED);
+ }
pathlen = ip->i_d.di_size;
if (!pathlen)
--
1.7.6.2
|
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | Re: best way to duplicate hard drive for backup, Assarsson, Emil |
|---|---|
| Next by Date: | Re: [PATCH] xfs: Fix possible memory corruption in xfs_readlink, Carlos Maiolino |
| Previous by Thread: | Re: [PATCH] xfs: Fix possible memory corruption in xfs_readlink, Dave Chinner |
| Next by Thread: | Re: [PATCH] xfs: Fix possible memory corruption in xfs_readlink, Carlos Maiolino |
| Indexes: | [Date] [Thread] [Top] [All Lists] |