diff options
author | Russell King <rmk+kernel@armlinux.org.uk> | 2019-06-04 15:50:19 +0200 |
---|---|---|
committer | Al Viro <viro@zeniv.linux.org.uk> | 2019-06-27 02:14:14 +0200 |
commit | 8616108de152447f99570dd45b6e3b8c71615fe5 (patch) | |
tree | 2d777589ca88260c5faf29de7a19b4bc99343f45 | |
parent | fs/adfs: super: fix use-after-free bug (diff) | |
download | linux-8616108de152447f99570dd45b6e3b8c71615fe5.tar.xz linux-8616108de152447f99570dd45b6e3b8c71615fe5.zip |
fs/adfs: super: limit idlen according to directory type
Limit idlen according to the directory type, as idlen (the size of a
fragment ID) can not be more than 16 with the "new directory" layout.
Signed-off-by: Russell King <rmk+kernel@armlinux.org.uk>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
-rw-r--r-- | fs/adfs/super.c | 10 |
1 files changed, 8 insertions, 2 deletions
diff --git a/fs/adfs/super.c b/fs/adfs/super.c index b1243433add7..d029ae10f8a0 100644 --- a/fs/adfs/super.c +++ b/fs/adfs/super.c @@ -54,6 +54,7 @@ void adfs_msg(struct super_block *sb, const char *pfx, const char *fmt, ...) static int adfs_checkdiscrecord(struct adfs_discrecord *dr) { + unsigned int max_idlen; int i; /* sector size must be 256, 512 or 1024 bytes */ @@ -73,8 +74,13 @@ static int adfs_checkdiscrecord(struct adfs_discrecord *dr) if (le32_to_cpu(dr->disc_size_high) >> dr->log2secsize) return 1; - /* idlen must be no greater than 19 v2 [1.0] */ - if (dr->idlen > 19) + /* + * Maximum idlen is limited to 16 bits for new directories by + * the three-byte storage of an indirect disc address. For + * big directories, idlen must be no greater than 19 v2 [1.0] + */ + max_idlen = dr->format_version ? 19 : 16; + if (dr->idlen > max_idlen) return 1; /* reserved bytes should be zero */ |