aboutsummaryrefslogtreecommitdiff
path: root/fs/squashfs/namei.c
diff options
context:
space:
mode:
Diffstat (limited to 'fs/squashfs/namei.c')
-rw-r--r--fs/squashfs/namei.c33
1 files changed, 20 insertions, 13 deletions
diff --git a/fs/squashfs/namei.c b/fs/squashfs/namei.c
index 7a9464d08cf..67cad77fefb 100644
--- a/fs/squashfs/namei.c
+++ b/fs/squashfs/namei.c
@@ -2,7 +2,7 @@
* Squashfs - a compressed read only filesystem for Linux
*
* Copyright (c) 2002, 2003, 2004, 2005, 2006, 2007, 2008
- * Phillip Lougher <phillip@lougher.demon.co.uk>
+ * Phillip Lougher <phillip@squashfs.org.uk>
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
@@ -79,7 +79,8 @@ static int get_dir_index_using_name(struct super_block *sb,
int len)
{
struct squashfs_sb_info *msblk = sb->s_fs_info;
- int i, size, length = 0, err;
+ int i, length = 0, err;
+ unsigned int size;
struct squashfs_dir_index *index;
char *str;
@@ -103,6 +104,8 @@ static int get_dir_index_using_name(struct super_block *sb,
size = le32_to_cpu(index->size) + 1;
+ if (size > SQUASHFS_NAME_LEN)
+ break;
err = squashfs_read_metadata(sb, index->name, &index_start,
&index_offset, size);
@@ -134,7 +137,7 @@ out:
static struct dentry *squashfs_lookup(struct inode *dir, struct dentry *dentry,
- struct nameidata *nd)
+ unsigned int flags)
{
const unsigned char *name = dentry->d_name.name;
int len = dentry->d_name.len;
@@ -144,7 +147,8 @@ static struct dentry *squashfs_lookup(struct inode *dir, struct dentry *dentry,
struct squashfs_dir_entry *dire;
u64 block = squashfs_i(dir)->start + msblk->directory_table;
int offset = squashfs_i(dir)->offset;
- int err, length = 0, dir_count, size;
+ int err, length;
+ unsigned int dir_count, size;
TRACE("Entered squashfs_lookup [%llx:%x]\n", block, offset);
@@ -176,6 +180,10 @@ static struct dentry *squashfs_lookup(struct inode *dir, struct dentry *dentry,
length += sizeof(dirh);
dir_count = le32_to_cpu(dirh.count) + 1;
+
+ if (dir_count > SQUASHFS_DIR_COUNT)
+ goto data_error;
+
while (dir_count--) {
/*
* Read directory entry.
@@ -187,6 +195,10 @@ static struct dentry *squashfs_lookup(struct inode *dir, struct dentry *dentry,
size = le16_to_cpu(dire->size) + 1;
+ /* size should never be larger than SQUASHFS_NAME_LEN */
+ if (size > SQUASHFS_NAME_LEN)
+ goto data_error;
+
err = squashfs_read_metadata(dir->i_sb, dire->name,
&block, &offset, size);
if (err < 0)
@@ -211,11 +223,6 @@ static struct dentry *squashfs_lookup(struct inode *dir, struct dentry *dentry,
blk, off, ino_num);
inode = squashfs_iget(dir->i_sb, ino, ino_num);
- if (IS_ERR(inode)) {
- err = PTR_ERR(inode);
- goto failed;
- }
-
goto exit_lookup;
}
}
@@ -223,10 +230,10 @@ static struct dentry *squashfs_lookup(struct inode *dir, struct dentry *dentry,
exit_lookup:
kfree(dire);
- if (inode)
- return d_splice_alias(inode, dentry);
- d_add(dentry, inode);
- return ERR_PTR(0);
+ return d_splice_alias(inode, dentry);
+
+data_error:
+ err = -EIO;
read_failure:
ERROR("Unable to read directory block [%llx:%x]\n",
generated by cgit v1.2.3-70-g09d2 (git 2.46.0) at 2025-11-03 18:27:52 +0000