1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
|
--- linux/fs/isofs/rock.c.orig
+++ linux/fs/isofs/rock.c
@@ -14,6 +14,7 @@
#include <linux/slab.h>
#include <linux/pagemap.h>
#include <linux/smp_lock.h>
+#include <asm/page.h>
#include "rock.h"
@@ -419,7 +420,7 @@
return 0;
}
-static char *get_symlink_chunk(char *rpnt, struct rock_ridge *rr)
+static char *get_symlink_chunk(char *rpnt, struct rock_ridge *rr, char *plimit)
{
int slen;
int rootflag;
@@ -431,16 +432,25 @@
rootflag = 0;
switch (slp->flags & ~1) {
case 0:
+ if (slp->len > plimit - rpnt)
+ return NULL;
memcpy(rpnt, slp->text, slp->len);
rpnt+=slp->len;
break;
+ case 2:
+ if (rpnt >= plimit)
+ return NULL;
+ *rpnt++='.';
+ break;
case 4:
+ if (2 > plimit - rpnt)
+ return NULL;
*rpnt++='.';
- /* fallthru */
- case 2:
*rpnt++='.';
break;
case 8:
+ if (rpnt >= plimit)
+ return NULL;
rootflag = 1;
*rpnt++='/';
break;
@@ -457,17 +467,23 @@
* If there is another SL record, and this component
* record isn't continued, then add a slash.
*/
- if ((!rootflag) && (rr->u.SL.flags & 1) && !(oldslp->flags & 1))
+ if ((!rootflag) && (rr->u.SL.flags & 1) &&
+ !(oldslp->flags & 1)) {
+ if (rpnt >= plimit)
+ return NULL;
*rpnt++='/';
+ }
break;
}
/*
* If this component record isn't continued, then append a '/'.
*/
- if (!rootflag && !(oldslp->flags & 1))
+ if (!rootflag && !(oldslp->flags & 1)) {
+ if (rpnt >= plimit)
+ return NULL;
*rpnt++='/';
-
+ }
}
return rpnt;
}
@@ -548,7 +564,10 @@
CHECK_SP(goto out);
break;
case SIG('S', 'L'):
- rpnt = get_symlink_chunk(rpnt, rr);
+ rpnt = get_symlink_chunk(rpnt, rr,
+ link + (PAGE_SIZE - 1));
+ if (rpnt == NULL)
+ goto out;
break;
case SIG('C', 'E'):
/* This tells is if there is a continuation record */
|
GitWeb