summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorRussell King <rmk+kernel@armlinux.org.uk>2019-06-04 15:50:19 +0200
committerAl Viro <viro@zeniv.linux.org.uk>2019-06-27 02:14:14 +0200
commit8616108de152447f99570dd45b6e3b8c71615fe5 (patch)
tree2d777589ca88260c5faf29de7a19b4bc99343f45
parentfs/adfs: super: fix use-after-free bug (diff)
downloadlinux-8616108de152447f99570dd45b6e3b8c71615fe5.tar.xz
linux-8616108de152447f99570dd45b6e3b8c71615fe5.zip
fs/adfs: super: limit idlen according to directory type
Limit idlen according to the directory type, as idlen (the size of a fragment ID) can not be more than 16 with the "new directory" layout. Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk> Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
-rw-r--r--fs/adfs/super.c10
1 files changed, 8 insertions, 2 deletions
diff --git a/fs/adfs/super.c b/fs/adfs/super.c
index b1243433add7..d029ae10f8a0 100644
--- a/fs/adfs/super.c
+++ b/fs/adfs/super.c
@@ -54,6 +54,7 @@ void adfs_msg(struct super_block *sb, const char *pfx, const char *fmt, ...)
static int adfs_checkdiscrecord(struct adfs_discrecord *dr)
{
+ unsigned int max_idlen;
int i;
/* sector size must be 256, 512 or 1024 bytes */
@@ -73,8 +74,13 @@ static int adfs_checkdiscrecord(struct adfs_discrecord *dr)
if (le32_to_cpu(dr->disc_size_high) >> dr->log2secsize)
return 1;
- /* idlen must be no greater than 19 v2 [1.0] */
- if (dr->idlen > 19)
+ /*
+ * Maximum idlen is limited to 16 bits for new directories by
+ * the three-byte storage of an indirect disc address. For
+ * big directories, idlen must be no greater than 19 v2 [1.0]
+ */
+ max_idlen = dr->format_version ? 19 : 16;
+ if (dr->idlen > max_idlen)
return 1;
/* reserved bytes should be zero */