• C
    xfs: Fix possible memory corruption in xfs_readlink · b52a360b
    Carlos Maiolino 提交于
    Fixes a possible memory corruption when the link is larger than
    MAXPATHLEN and XFS_DEBUG is not enabled. This also remove the
    S_ISLNK assert, since the inode mode is checked previously in
    xfs_readlink_by_handle() and via VFS.
    
    Updated to address concerns raised by Ben Hutchings about the loose
    attention paid to 32- vs 64-bit values, and the lack of handling a
    potentially negative pathlen value:
     - Changed type of "pathlen" to be xfs_fsize_t, to match that of
       ip->i_d.di_size
     - Added checking for a negative pathlen to the too-long pathlen
       test, and generalized the message that gets reported in that case
       to reflect the change
    As a result, if a negative pathlen were encountered, this function
    would return EFSCORRUPTED (and would fail an assertion for a debug
    build)--just as would a too-long pathlen.
    Signed-off-by: NAlex Elder <aelder@sgi.com>
    Signed-off-by: NCarlos Maiolino <cmaiolino@redhat.com>
    Reviewed-by: NChristoph Hellwig <hch@lst.de>
    b52a360b
xfs_vnodeops.c 57.3 KB