Received: by 2002:a25:8b91:0:0:0:0:0 with SMTP id j17csp8605043ybl;
        Thu, 16 Jan 2020 20:44:23 -0800 (PST)
X-Google-Smtp-Source: APXvYqxqI4vj1Mm1vgRHBVN3ZaP2ysokF69/bai09oRjO8q8BfsIjWKnRJmG0926gWDdVhIzS5Id
X-Received: by 2002:a9d:68cb:: with SMTP id i11mr4703932oto.210.1579236263082;
        Thu, 16 Jan 2020 20:44:23 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1579236263; cv=none;
        d=google.com; s=arc-20160816;
        b=kI51jY2jfmCuUWOMojTFhUMwG16rxRVDyiVFHdGEMHMfcOwOL2ghZ8XK1qs9vy3vb/
         bh31+Y1BVKjO7Y29vxcKjW1AcOGxJ/dROBOL3jlJdxnGZAv+I5B3omCnKfmcRu345MHG
         +kr1URerwJN7PbzRH3Liu/5M7j1Ckk9V0BSBCkeS9IRouejPl+a6qwWxmQ5aPsv+nZO4
         RyezG6k0m9YHvHY1FVmYULItKAiKk1q4uoXTnW6kE9d4R0h0+sHbT41ad375TweoKpg5
         UEUZRWDk0Jfz+LfwykTt+KhOzR9TY3UycCyZs6K7q0h4Wd/o6n6OjyRE4IOM/3eQ9Gwp
         OUMg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:mime-version
         :user-agent:references:in-reply-to:message-id:date:subject:cc:to
         :from:dkim-signature;
        bh=bFiQjMRx3Pp9TeZOXMkJXM6g5qLbrGtq157fe55u6ws=;
        b=gk3mIpBb9gV8v68TzDs92+4TZvp2ldYEYFM8zd7O+iQstUMZaTw67lw8OvCztiWdIl
         FA9pNzAnG50r/NGHGo7p+3KAF9rzd6tCXc3Z8glqB9VKdXak9oNaZWjT1KDq5/O89B1c
         JgT5bSASVvqn7YvC7Hc8wDGzaLkue9kI0k/ibhskNtfX+xV8GdwnHSvahId+6ornyUp8
         iRTjiAY5wyfnWY6BYv/wd0GF581t786vmUMrYMJKWms9WZWXbSGfYOnku9JssNbEtelO
         v9xDrfMLcENIj4gq+dtJHSauIHwS7zYFtctWDaacUn5HWj25D/urr6+DcdEXkKqNCEBm
         tnaw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=IxDdSx8Y;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id q2si14751203otn.220.2020.01.16.20.44.11;
        Thu, 16 Jan 2020 20:44:23 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=IxDdSx8Y;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S2391611AbgAPXkG (ORCPT <rfc822;luigi.mantellini.ml@gmail.com>
        + 99 others); Thu, 16 Jan 2020 18:40:06 -0500
Received: from mail.kernel.org ([198.145.29.99]:59684 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S2390229AbgAPX1k (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 16 Jan 2020 18:27:40 -0500
Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by mail.kernel.org (Postfix) with ESMTPSA id 9C87020684;
        Thu, 16 Jan 2020 23:27:39 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
        s=default; t=1579217260;
        bh=Q38lxsXrd6RMZPU5R2oxnuqAMgrL9i1BFETIT3lzb5Q=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=IxDdSx8Y/USCSdcgzw9vGi25FRU+Hn8FJCBmuFH+zA34tqNbTcB35pKHzb+OeiBXx
         Fm4H4LNKqxTtzViCCoQk1KvhxBORZ8kNyh/ZFoutbCz6YUDU/zz6Zi37XGuwdCkg51
         UdhEqnYNERsB57GZ87ZsabqiDnF1C6aSzONIfVOk=
From:   Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To:     linux-kernel@vger.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org, Gong Chen <gongchen4@huawei.com>,
        Sheng Yong <shengyong1@huawei.com>,
        Chao Yu <yuchao0@huawei.com>, Jaegeuk Kim <jaegeuk@kernel.org>,
        Ben Hutchings <ben.hutchings@codethink.co.uk>
Subject: [PATCH 4.19 10/84] f2fs: check if file namelen exceeds max value
Date:   Fri, 17 Jan 2020 00:17:44 +0100
Message-Id: <20200116231714.780541022@linuxfoundation.org>
X-Mailer: git-send-email 2.25.0
In-Reply-To: <20200116231713.087649517@linuxfoundation.org>
References: <20200116231713.087649517@linuxfoundation.org>
User-Agent: quilt/0.66
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Sheng Yong <shengyong1@huawei.com>

commit 720db068634c91553a8e1d9a0fcd8c7050e06d2b upstream.

Dentry bitmap is not enough to detect incorrect dentries. So this patch
also checks the namelen value of a dentry.

Signed-off-by: Gong Chen <gongchen4@huawei.com>
Signed-off-by: Sheng Yong <shengyong1@huawei.com>
Reviewed-by: Chao Yu <yuchao0@huawei.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>
Signed-off-by: Ben Hutchings <ben.hutchings@codethink.co.uk>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 fs/f2fs/dir.c |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

--- a/fs/f2fs/dir.c
+++ b/fs/f2fs/dir.c
@@ -808,7 +808,8 @@ int f2fs_fill_dentries(struct dir_contex
 
 		/* check memory boundary before moving forward */
 		bit_pos += GET_DENTRY_SLOTS(le16_to_cpu(de->name_len));
-		if (unlikely(bit_pos > d->max)) {
+		if (unlikely(bit_pos > d->max ||
+				le16_to_cpu(de->name_len) > F2FS_NAME_LEN)) {
 			f2fs_msg(sbi->sb, KERN_WARNING,
 				"%s: corrupted namelen=%d, run fsck to fix.",
 				__func__, le16_to_cpu(de->name_len));