+17

fs/xfs/libxfs/xfs_dir2.c

reviewed

··· 703 703 xfs_trans_log_inode(tp, dp, XFS_ILOG_CORE); 704 704 return 0; 705 705 } 706 706 + 707 707 + /* Returns true if the directory entry name is valid. */ 708 708 + bool 709 709 + xfs_dir2_namecheck( 710 710 + const void *name, 711 711 + size_t length) 712 712 + { 713 713 + /* 714 714 + * MAXNAMELEN includes the trailing null, but (name/length) leave it 715 715 + * out, so use >= for the length check. 716 716 + */ 717 717 + if (length >= MAXNAMELEN) 718 718 + return false; 719 719 + 720 720 + /* There shouldn't be any slashes or nulls here */ 721 721 + return !memchr(name, '/', length) && !memchr(name, 0, length); 722 722 + }

+1

fs/xfs/libxfs/xfs_dir2.h

reviewed

··· 326 326 unsigned char xfs_dir3_get_dtype(struct xfs_mount *mp, uint8_t filetype); 327 327 void *xfs_dir3_data_endp(struct xfs_da_geometry *geo, 328 328 struct xfs_dir2_data_hdr *hdr); 329 329 + bool xfs_dir2_namecheck(const void *name, size_t length); 329 330 330 331 #endif /* __XFS_DIR2_H__ */

+6

fs/xfs/scrub/dir.c

reviewed

··· 129 129 goto out; 130 130 } 131 131 132 132 + /* Does this name make sense? */ 133 133 + if (!xfs_dir2_namecheck(name, namelen)) { 134 134 + xchk_fblock_set_corrupt(sdc->sc, XFS_DATA_FORK, offset); 135 135 + goto out; 136 136 + } 137 137 + 132 138 if (!strncmp(".", name, namelen)) { 133 139 /* If this is "." then check that the inum matches the dir. */ 134 140 if (xfs_sb_version_hasftype(&mp->m_sb) && type != DT_DIR)