On Thu, Oct 24, 2019 at 10:15:05PM -0700, Darrick J. Wong wrote:
> From: Darrick J. Wong <darrick.wong@xxxxxxxxxx>
>
> Actually call namecheck on directory entry names before we hand them
> over to userspace.
>
> Signed-off-by: Darrick J. Wong <darrick.wong@xxxxxxxxxx>
> ---
> fs/xfs/xfs_dir2_readdir.c | 16 ++++++++++++++++
> 1 file changed, 16 insertions(+)
>
>
> diff --git a/fs/xfs/xfs_dir2_readdir.c b/fs/xfs/xfs_dir2_readdir.c
> index 283df898dd9f..a8fb0a6829fd 100644
> --- a/fs/xfs/xfs_dir2_readdir.c
> +++ b/fs/xfs/xfs_dir2_readdir.c
...
> @@ -208,6 +214,11 @@ xfs_dir2_block_getdents(
> /*
> * If it didn't fit, set the final offset to here & return.
> */
> + if (!xfs_dir2_namecheck(dep->name, dep->namelen)) {
> + XFS_ERROR_REPORT(__func__, XFS_ERRLEVEL_LOW,
> + dp->i_mount);
> + return -EFSCORRUPTED;
> + }
xfs_trans_brelse(..., bp) (here and in _leaf_getdents())?
Brian
> if (!dir_emit(ctx, (char *)dep->name, dep->namelen,
> be64_to_cpu(dep->inumber),
> xfs_dir3_get_dtype(dp->i_mount, filetype))) {
> @@ -456,6 +467,11 @@ xfs_dir2_leaf_getdents(
> filetype = dp->d_ops->data_get_ftype(dep);
>
> ctx->pos = xfs_dir2_byte_to_dataptr(curoff) & 0x7fffffff;
> + if (!xfs_dir2_namecheck(dep->name, dep->namelen)) {
> + XFS_ERROR_REPORT(__func__, XFS_ERRLEVEL_LOW,
> + dp->i_mount);
> + return -EFSCORRUPTED;
> + }
> if (!dir_emit(ctx, (char *)dep->name, dep->namelen,
> be64_to_cpu(dep->inumber),
> xfs_dir3_get_dtype(dp->i_mount, filetype)))
>
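Review bot: In the xfs_dir2_block_getdents hunk the new xfs_dir2_namecheck() test lands between the existing comment "If it didn't fit, set the final offset to here & return." and the dir_emit() call that comment describes, so the comment now appears to explain the corruption check. Moving the added block above the `/*` line and giving it its own comment, for example `/* Reject corrupt on-disk names before they are copied out to userspace. */`, would keep each comment attached to the code it documents. The same one-line comment would help in the xfs_dir2_leaf_getdents hunk, where the check is also undocumented. Both functions begin and end outside the hunks and xfs_dir2_namecheck() itself is not shown, so the exact wording should be confirmed against what that helper rejects.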