From: David Woodhouse Date: Sat, 13 Oct 2007 10:33:50 +0000 (+0100) Subject: [JFFS2] Check for creation of dirents with embedded zero bytes in name. X-Git-Tag: v3.12-rc1~26378^2~7 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=69ca4378aa376cf2c49657d4f6951da56c27cd3a;p=kernel%2Fkernel-generic.git [JFFS2] Check for creation of dirents with embedded zero bytes in name. I have no idea how this happened, but OLPC trac #4184 suggests that it did. Catch it early. Signed-off-by: David Woodhouse --- diff --git a/fs/jffs2/write.c b/fs/jffs2/write.c index 664c164..2f56954 100644 --- a/fs/jffs2/write.c +++ b/fs/jffs2/write.c @@ -215,6 +215,17 @@ struct jffs2_full_dirent *jffs2_write_dirent(struct jffs2_sb_info *c, struct jff BUG(); }); + if (strnlen(name, namelen) != namelen) { + /* This should never happen, but seems to have done on at least one + occasion: https://dev.laptop.org/ticket/4184 */ + printk(KERN_CRIT "Error in jffs2_write_dirent() -- name contains zero bytes!\n"); + printk(KERN_CRIT "Directory inode #%u, name at *0x%p \"%s\"->ino #%u, name_crc 0x%08x\n", + je32_to_cpu(rd->pino), name, name, je32_to_cpu(rd->ino), + je32_to_cpu(rd->name_crc)); + WARN_ON(1); + return ERR_PTR(-EIO); + } + vecs[0].iov_base = rd; vecs[0].iov_len = sizeof(*rd); vecs[1].iov_base = (unsigned char *)name; @@ -226,7 +237,7 @@ struct jffs2_full_dirent *jffs2_write_dirent(struct jffs2_sb_info *c, struct jff fd->version = je32_to_cpu(rd->version); fd->ino = je32_to_cpu(rd->ino); - fd->nhash = full_name_hash(name, strlen(name)); + fd->nhash = full_name_hash(name, namelen); fd->type = rd->type; memcpy(fd->name, name, namelen); fd->name[namelen]=0;