Received: by 2002:a05:6a10:a0d1:0:0:0:0 with SMTP id j17csp1195520pxa; Thu, 20 Aug 2020 05:20:18 -0700 (PDT) X-Google-Smtp-Source: ABdhPJxuY1SuH1WjICyFk3ZwSy4ip4fhki/hs/xoQ9vhlYMrbByTIQLIFlwrQi0zt9RvPsL6+2eK X-Received: by 2002:a17:906:957:: with SMTP id j23mr2980163ejd.344.1597926017875; Thu, 20 Aug 2020 05:20:17 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1597926017; cv=none; d=google.com; s=arc-20160816; b=bBXfznUGF9RqGU3hKF5EyFeehzI90aGFePjl5t5JHDBsl9iFRuTKyIfxpUe+uGeDqk 1GpCV8QiyN+vd63KkJIuaYaHJisT+reRiJsF+BjIbob9nUv/f7MKwuZfld1Rol19Zs2L Gmrz37KZ2Cgy+9A2zbjloYMMXZcr18NYRgpRT+5pVQPGQ+C3xCzF/lDCFfBbkn4e6dwA UFTR7INo7N+QkCi0pcrpJScnET50qla9I8+k3PsEI5c1Ztc2U0cIv0VpTX3Z3feXonnQ fFcf5mF5McUEzMiwCpnac1sdLmWTclyAQleJ/YfDG79pT8lZYdFSDvqmACqEriaboYKw 7k+g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=Da4quj6rlr8Kl7ilOHy/3fVArXtZkhE2eSIZgilXlZM=; b=uza41OfqfTiZpPA9jZHrMm/POP84sWHkBlMoNzu3me9Bf/l8EYYT1EQr41y1Ygt+5V RcZ+impaQYUQdnhszDXzqgux9H/Qpqo1IrldNR2vHofnDSh+lEsMIt+z7n8VUWWmeXkZ Rq74Mh8W54qtJjPHbzVVDPguXX3skGoLNIRNpOx2ACSAGpDRz6+UKcrgxKwUH9lKPHBL NDjzkv9w+IIT9AFMeGUUTiHIhGMHe209Uut1519msXCgP3SUcfJzFW1FZassuANwecP9 EOkGX0llDF9Z1bi7DpRk0Q4d/pwxOOvW319fOrQ6Kq0fREvFJZgWqA49PxUhMbFI1pqX iFRA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=sAaCu+4A; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id a8si1078238ejt.607.2020.08.20.05.19.54; Thu, 20 Aug 2020 05:20:17 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=sAaCu+4A; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1730253AbgHTMSg (ORCPT + 99 others); Thu, 20 Aug 2020 08:18:36 -0400 Received: from mail.kernel.org ([198.145.29.99]:39770 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728929AbgHTJ41 (ORCPT ); Thu, 20 Aug 2020 05:56:27 -0400 Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 7CEFA20885; Thu, 20 Aug 2020 09:56:26 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1597917387; bh=BeTxvoNRylsDfFhemtURzi9T/+hctY95SiKy9lsY9ig=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=sAaCu+4A1KjpbidGyMUKZLIGaRfs+dLKoEEMQfQtKswzAmqlE+Af7cGdioG83k1hg uKpVjCaZhBJg3prZG34jm9Q3lm+mvXHf74Hw0JOAGDIrpaD6jPC/ELzAv+0L5ms+sA weBaLvyoX6ISoYxe5+kYGa3Biz+KofG1eqP+TULE= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Gong Chen , Sheng Yong , Chao Yu , Jaegeuk Kim , Sasha Levin Subject: [PATCH 4.9 014/212] f2fs: check if file namelen exceeds max value Date: Thu, 20 Aug 2020 11:19:47 +0200 Message-Id: <20200820091603.051946798@linuxfoundation.org> X-Mailer: git-send-email 2.28.0 In-Reply-To: <20200820091602.251285210@linuxfoundation.org> References: <20200820091602.251285210@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Sheng Yong [ Upstream commit 720db068634c91553a8e1d9a0fcd8c7050e06d2b ] Dentry bitmap is not enough to detect incorrect dentries. So this patch also checks the namelen value of a dentry. Signed-off-by: Gong Chen Signed-off-by: Sheng Yong Reviewed-by: Chao Yu Signed-off-by: Jaegeuk Kim Signed-off-by: Sasha Levin --- fs/f2fs/dir.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/fs/f2fs/dir.c b/fs/f2fs/dir.c index 79d138756acb5..9a11b48e55ca2 100644 --- a/fs/f2fs/dir.c +++ b/fs/f2fs/dir.c @@ -845,7 +845,8 @@ bool f2fs_fill_dentries(struct dir_context *ctx, struct f2fs_dentry_ptr *d, /* check memory boundary before moving forward */ bit_pos += GET_DENTRY_SLOTS(le16_to_cpu(de->name_len)); - if (unlikely(bit_pos > d->max)) { + if (unlikely(bit_pos > d->max || + le16_to_cpu(de->name_len) > F2FS_NAME_LEN)) { f2fs_msg(F2FS_I_SB(d->inode)->sb, KERN_WARNING, "%s: corrupted namelen=%d, run fsck to fix.", __func__, le16_to_cpu(de->name_len)); -- 2.25.1