提交 b6bd0ae0 编写于 作者: K Konstantin Komarov 提交者: Zheng Zengkai

fs/ntfs3: Refactor ntfs_readlink_hlp

mainline inclusion
from mainline-v5.15
commit 4dbe8e44
category: feature
bugzilla:
https://gitee.com/openeuler/kernel/issues/I4G67J?from=project-issue
CVE: NA

----------------------------------------------------------------------

Rename some variables.
Returned err by default is EINVAL.
Signed-off-by: NKonstantin Komarov <almaz.alexandrovich@paragon-software.com>
Signed-off-by: NYin Xiujiang <yinxiujiang@kylinos.cn>
Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>
Acked-by: NHou Tao <houtao1@huawei.com>
Acked-by: NXie XiuQi <xiexiuqi@huawei.com>
Signed-off-by: NZheng Zengkai <zhengzengkai@huawei.com>
上级 85e1bbeb
...@@ -1763,15 +1763,15 @@ void ntfs_evict_inode(struct inode *inode) ...@@ -1763,15 +1763,15 @@ void ntfs_evict_inode(struct inode *inode)
static noinline int ntfs_readlink_hlp(struct inode *inode, char *buffer, static noinline int ntfs_readlink_hlp(struct inode *inode, char *buffer,
int buflen) int buflen)
{ {
int i, err = 0; int i, err = -EINVAL;
struct ntfs_inode *ni = ntfs_i(inode); struct ntfs_inode *ni = ntfs_i(inode);
struct super_block *sb = inode->i_sb; struct super_block *sb = inode->i_sb;
struct ntfs_sb_info *sbi = sb->s_fs_info; struct ntfs_sb_info *sbi = sb->s_fs_info;
u64 i_size = inode->i_size; u64 size;
u16 nlen = 0; u16 ulen = 0;
void *to_free = NULL; void *to_free = NULL;
struct REPARSE_DATA_BUFFER *rp; struct REPARSE_DATA_BUFFER *rp;
struct le_str *uni; const __le16 *uname;
struct ATTRIB *attr; struct ATTRIB *attr;
/* Reparse data present. Try to parse it. */ /* Reparse data present. Try to parse it. */
...@@ -1780,68 +1780,64 @@ static noinline int ntfs_readlink_hlp(struct inode *inode, char *buffer, ...@@ -1780,68 +1780,64 @@ static noinline int ntfs_readlink_hlp(struct inode *inode, char *buffer,
*buffer = 0; *buffer = 0;
/* Read into temporal buffer. */
if (i_size > sbi->reparse.max_size || i_size <= sizeof(u32)) {
err = -EINVAL;
goto out;
}
attr = ni_find_attr(ni, NULL, NULL, ATTR_REPARSE, NULL, 0, NULL, NULL); attr = ni_find_attr(ni, NULL, NULL, ATTR_REPARSE, NULL, 0, NULL, NULL);
if (!attr) { if (!attr)
err = -EINVAL;
goto out; goto out;
}
if (!attr->non_res) { if (!attr->non_res) {
rp = resident_data_ex(attr, i_size); rp = resident_data_ex(attr, sizeof(struct REPARSE_DATA_BUFFER));
if (!rp) { if (!rp)
err = -EINVAL;
goto out; goto out;
} size = le32_to_cpu(attr->res.data_size);
} else { } else {
rp = kmalloc(i_size, GFP_NOFS); size = le64_to_cpu(attr->nres.data_size);
rp = NULL;
}
if (size > sbi->reparse.max_size || size <= sizeof(u32))
goto out;
if (!rp) {
rp = kmalloc(size, GFP_NOFS);
if (!rp) { if (!rp) {
err = -ENOMEM; err = -ENOMEM;
goto out; goto out;
} }
to_free = rp; to_free = rp;
err = ntfs_read_run_nb(sbi, &ni->file.run, 0, rp, i_size, NULL); /* Read into temporal buffer. */
err = ntfs_read_run_nb(sbi, &ni->file.run, 0, rp, size, NULL);
if (err) if (err)
goto out; goto out;
} }
err = -EINVAL;
/* Microsoft Tag. */ /* Microsoft Tag. */
switch (rp->ReparseTag) { switch (rp->ReparseTag) {
case IO_REPARSE_TAG_MOUNT_POINT: case IO_REPARSE_TAG_MOUNT_POINT:
/* Mount points and junctions. */ /* Mount points and junctions. */
/* Can we use 'Rp->MountPointReparseBuffer.PrintNameLength'? */ /* Can we use 'Rp->MountPointReparseBuffer.PrintNameLength'? */
if (i_size <= offsetof(struct REPARSE_DATA_BUFFER, if (size <= offsetof(struct REPARSE_DATA_BUFFER,
MountPointReparseBuffer.PathBuffer)) MountPointReparseBuffer.PathBuffer))
goto out; goto out;
uni = Add2Ptr(rp, uname = Add2Ptr(rp,
offsetof(struct REPARSE_DATA_BUFFER, offsetof(struct REPARSE_DATA_BUFFER,
MountPointReparseBuffer.PathBuffer) + MountPointReparseBuffer.PathBuffer) +
le16_to_cpu(rp->MountPointReparseBuffer le16_to_cpu(rp->MountPointReparseBuffer
.PrintNameOffset) - .PrintNameOffset));
2); ulen = le16_to_cpu(rp->MountPointReparseBuffer.PrintNameLength);
nlen = le16_to_cpu(rp->MountPointReparseBuffer.PrintNameLength);
break; break;
case IO_REPARSE_TAG_SYMLINK: case IO_REPARSE_TAG_SYMLINK:
/* FolderSymbolicLink */ /* FolderSymbolicLink */
/* Can we use 'Rp->SymbolicLinkReparseBuffer.PrintNameLength'? */ /* Can we use 'Rp->SymbolicLinkReparseBuffer.PrintNameLength'? */
if (i_size <= offsetof(struct REPARSE_DATA_BUFFER, if (size <= offsetof(struct REPARSE_DATA_BUFFER,
SymbolicLinkReparseBuffer.PathBuffer)) SymbolicLinkReparseBuffer.PathBuffer))
goto out; goto out;
uni = Add2Ptr(rp, uname = Add2Ptr(
offsetof(struct REPARSE_DATA_BUFFER, rp, offsetof(struct REPARSE_DATA_BUFFER,
SymbolicLinkReparseBuffer.PathBuffer) + SymbolicLinkReparseBuffer.PathBuffer) +
le16_to_cpu(rp->SymbolicLinkReparseBuffer le16_to_cpu(rp->SymbolicLinkReparseBuffer
.PrintNameOffset) - .PrintNameOffset));
2); ulen = le16_to_cpu(
nlen = le16_to_cpu(
rp->SymbolicLinkReparseBuffer.PrintNameLength); rp->SymbolicLinkReparseBuffer.PrintNameLength);
break; break;
...@@ -1873,29 +1869,28 @@ static noinline int ntfs_readlink_hlp(struct inode *inode, char *buffer, ...@@ -1873,29 +1869,28 @@ static noinline int ntfs_readlink_hlp(struct inode *inode, char *buffer,
goto out; goto out;
} }
if (!IsReparseTagNameSurrogate(rp->ReparseTag) || if (!IsReparseTagNameSurrogate(rp->ReparseTag) ||
i_size <= sizeof(struct REPARSE_POINT)) { size <= sizeof(struct REPARSE_POINT)) {
goto out; goto out;
} }
/* Users tag. */ /* Users tag. */
uni = Add2Ptr(rp, sizeof(struct REPARSE_POINT) - 2); uname = Add2Ptr(rp, sizeof(struct REPARSE_POINT));
nlen = le16_to_cpu(rp->ReparseDataLength) - ulen = le16_to_cpu(rp->ReparseDataLength) -
sizeof(struct REPARSE_POINT); sizeof(struct REPARSE_POINT);
} }
/* Convert nlen from bytes to UNICODE chars. */ /* Convert nlen from bytes to UNICODE chars. */
nlen >>= 1; ulen >>= 1;
/* Check that name is available. */ /* Check that name is available. */
if (!nlen || &uni->name[nlen] > (__le16 *)Add2Ptr(rp, i_size)) if (!ulen || uname + ulen > (__le16 *)Add2Ptr(rp, size))
goto out; goto out;
/* If name is already zero terminated then truncate it now. */ /* If name is already zero terminated then truncate it now. */
if (!uni->name[nlen - 1]) if (!uname[ulen - 1])
nlen -= 1; ulen -= 1;
uni->len = nlen;
err = ntfs_utf16_to_nls(sbi, uni, buffer, buflen); err = ntfs_utf16_to_nls(sbi, uname, ulen, buffer, buflen);
if (err < 0) if (err < 0)
goto out; goto out;
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册
反馈
建议
客服 返回
顶部