| From 3887fc0ad1f56a13b83de20c350db3458350cd1b Mon Sep 17 00:00:00 2001 |
| From: Dan Carpenter <dan.carpenter@oracle.com> |
| Date: Mon, 14 Nov 2011 17:52:08 +0300 |
| Subject: [PATCH] hfs: add sanity check for file name length |
| |
| commit bc5b8a9003132ae44559edd63a1623b7b99dfb68 upstream. |
| |
| On a corrupted file system the ->len field could be wrong leading to |
| a buffer overflow. |
| |
| Reported-and-acked-by: Clement LECIGNE <clement.lecigne@netasq.com> |
| Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com> |
| Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> |
| Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com> |
| --- |
| fs/hfs/trans.c | 2 ++ |
| 1 file changed, 2 insertions(+) |
| |
| diff --git a/fs/hfs/trans.c b/fs/hfs/trans.c |
| index e673a88..b1ce4c7 100644 |
| --- a/fs/hfs/trans.c |
| +++ b/fs/hfs/trans.c |
| @@ -40,6 +40,8 @@ int hfs_mac2asc(struct super_block *sb, char *out, const struct hfs_name *in) |
| |
| src = in->name; |
| srclen = in->len; |
| + if (srclen > HFS_NAMELEN) |
| + srclen = HFS_NAMELEN; |
| dst = out; |
| dstlen = HFS_MAX_NAMELEN; |
| if (nls_io) { |
| -- |
| 1.7.12.rc1.1.gbce1580 |
| |
