leandrof/linux
1
0
Fork 0
forked from Minki/linux
Code Issues Pull Requests Packages Projects Releases Wiki Activity

[readdir] convert qnx4

Browse Source 
... and use strnlen() instead of strlen() - it's done on untrusted data,
after all.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
This commit is contained in:
Al Viro 2013-05-17 15:17:59 -04:00
parent 9fd4d05949
commit 663f4deca7
1 changed files with 31 additions and 35 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

66
fs/qnx4/dir.c
View File

@ -14,9 +14,9 @@
#include <linux/buffer_head.h> #include <linux/buffer_head.h>
#include "qnx4.h" #include "qnx4.h"
static int qnx4_readdir(struct file *filp, void *dirent, filldir_t filldir) static int qnx4_readdir(struct file *file, struct dir_context *ctx)
{ {
struct inode *inode = file_inode(filp); struct inode *inode = file_inode(file);
unsigned int offset; unsigned int offset;
struct buffer_head *bh; struct buffer_head *bh;
struct qnx4_inode_entry *de; struct qnx4_inode_entry *de;
@ -26,48 +26,44 @@ static int qnx4_readdir(struct file *filp, void *dirent, filldir_t filldir)
int size; int size;
QNX4DEBUG((KERN_INFO "qnx4_readdir:i_size = %ld\n", (long) inode->i_size)); QNX4DEBUG((KERN_INFO "qnx4_readdir:i_size = %ld\n", (long) inode->i_size));
QNX4DEBUG((KERN_INFO "filp->f_pos = %ld\n", (long) filp->f_pos)); QNX4DEBUG((KERN_INFO "pos = %ld\n", (long) ctx->pos));
while (filp->f_pos < inode->i_size) { while (ctx->pos < inode->i_size) {
blknum = qnx4_block_map( inode, filp->f_pos >> QNX4_BLOCK_SIZE_BITS ); blknum = qnx4_block_map(inode, ctx->pos >> QNX4_BLOCK_SIZE_BITS);
bh = sb_bread(inode->i_sb, blknum); bh = sb_bread(inode->i_sb, blknum);
if(bh==NULL) { if (bh == NULL) {
printk(KERN_ERR "qnx4_readdir: bread failed (%ld)\n", blknum); printk(KERN_ERR "qnx4_readdir: bread failed (%ld)\n", blknum);
break; return 0;
} }
ix = (int)(filp->f_pos >> QNX4_DIR_ENTRY_SIZE_BITS) % QNX4_INODES_PER_BLOCK; ix = (ctx->pos >> QNX4_DIR_ENTRY_SIZE_BITS) % QNX4_INODES_PER_BLOCK;
while (ix < QNX4_INODES_PER_BLOCK) { for (; ix < QNX4_INODES_PER_BLOCK; ix++, ctx->pos += QNX4_DIR_ENTRY_SIZE) {
offset = ix * QNX4_DIR_ENTRY_SIZE; offset = ix * QNX4_DIR_ENTRY_SIZE;
de = (struct qnx4_inode_entry *) (bh->b_data + offset); de = (struct qnx4_inode_entry *) (bh->b_data + offset);
size = strlen(de->di_fname); if (!de->di_fname[0])
if (size) { continue;
if ( !( de->di_status & QNX4_FILE_LINK ) && size > QNX4_SHORT_NAME_MAX ) if (!(de->di_status & (QNX4_FILE_USED|QNX4_FILE_LINK)))
size = QNX4_SHORT_NAME_MAX; continue;
else if ( size > QNX4_NAME_MAX ) if (!(de->di_status & QNX4_FILE_LINK))
size = QNX4_NAME_MAX; size = QNX4_SHORT_NAME_MAX;
else
if ( ( de->di_status & (QNX4_FILE_USED|QNX4_FILE_LINK) ) != 0 ) { size = QNX4_NAME_MAX;
QNX4DEBUG((KERN_INFO "qnx4_readdir:%.*s\n", size, de->di_fname)); size = strnlen(de->di_fname, size);
if ( ( de->di_status & QNX4_FILE_LINK ) == 0 ) QNX4DEBUG((KERN_INFO "qnx4_readdir:%.*s\n", size, de->di_fname));
ino = blknum * QNX4_INODES_PER_BLOCK + ix - 1; if (!(de->di_status & QNX4_FILE_LINK))
else { ino = blknum * QNX4_INODES_PER_BLOCK + ix - 1;
le = (struct qnx4_link_info*)de; else {
ino = ( le32_to_cpu(le->dl_inode_blk) - 1 ) * le = (struct qnx4_link_info*)de;
QNX4_INODES_PER_BLOCK + ino = ( le32_to_cpu(le->dl_inode_blk) - 1 ) *
le->dl_inode_ndx; QNX4_INODES_PER_BLOCK +
} le->dl_inode_ndx;
if (filldir(dirent, de->di_fname, size, filp->f_pos, ino, DT_UNKNOWN) < 0) { }
brelse(bh); if (!dir_emit(ctx, de->di_fname, size, ino, DT_UNKNOWN)) {
goto out; brelse(bh);
} return 0;
}
} }
ix++;
filp->f_pos += QNX4_DIR_ENTRY_SIZE;
} }
brelse(bh); brelse(bh);
} }
out:
return 0; return 0;
} }
@ -75,7 +71,7 @@ const struct file_operations qnx4_dir_operations =
{ {
.llseek = generic_file_llseek, .llseek = generic_file_llseek,
.read = generic_read_dir, .read = generic_read_dir,
.readdir = qnx4_readdir, .iterate = qnx4_readdir,
.fsync = generic_file_fsync, .fsync = generic_file_fsync,
}; };