[PATCH] xfs: Fix possible memory corruption in xfs_readlink
Carlos Maiolino
cmaiolino at redhat.com
Sun Oct 16 20:26:34 CDT 2011
This patch fixes a possible memory corruption when
the link is larger than MAXPATHLEN and XFS_DEBUG
is not enabled. This also uses S_IFLNK to check
the link, not only in DEBUG mode.
Signed-off-by: Carlos Maiolino <cmaiolino at redhat.com>
---
fs/xfs/xfs_vnodeops.c | 18 ++++++++++++++++--
1 files changed, 16 insertions(+), 2 deletions(-)
diff --git a/fs/xfs/xfs_vnodeops.c b/fs/xfs/xfs_vnodeops.c
index 51fc429..3f4fbd5 100644
--- a/fs/xfs/xfs_vnodeops.c
+++ b/fs/xfs/xfs_vnodeops.c
@@ -123,8 +123,22 @@ xfs_readlink(
xfs_ilock(ip, XFS_ILOCK_SHARED);
- ASSERT(S_ISLNK(ip->i_d.di_mode));
- ASSERT(ip->i_d.di_size <= MAXPATHLEN);
+ if (unlikely(!(S_ISLNK(ip->i_d.di_mode))) ||
+ unlikely(!(ip->i_d.di_size <= MAXPATHLEN ))){
+
+ XFS_CORRUPTION_ERROR("xfs_readlink",
+ XFS_ERRLEVEL_HIGH, mp, ip);
+
+#ifdef DEBUG
+ xfs_emerg(mp, "inode (%lld), link too long or not a link."
+ (unsigned long long)ip->i_no);
+
+ ASSERT(S_ISLNK(ip->i_d.di_mode));
+ ASSERT(ip->i_d.di_size <= MAXPATHLEN);
+#endif
+
+ return XFS_ERROR(EFSCORRUPTED);
+ }
pathlen = ip->i_d.di_size;
if (!pathlen)
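Review bot: the new early exit `return XFS_ERROR(EFSCORRUPTED);` leaves the function while the lock taken by `xfs_ilock(ip, XFS_ILOCK_SHARED);` at the top of the hunk is still held; nothing in the added block releases it. Call `xfs_iunlock(ip, XFS_ILOCK_SHARED)` before returning, or set the error and leave through whatever unlock path the rest of the function uses. Two smaller points in the `#ifdef DEBUG` block: the `xfs_emerg()` call has no comma between the format string and the `(unsigned long long)ip->i_no` argument, so it will not build with DEBUG set, and the message has no trailing newline. The two `ASSERT`s there are reached only after the condition has already established that one of them is false, so a DEBUG build will always trip an assertion here instead of returning EFSCORRUPTED; if that is intended, say so in the commit message, otherwise drop them.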
--
1.7.6.2