btrfs: Check name_len before read in iterate_dir_item

Since iterate_dir_item checks name_len in its own way,
so use btrfs_is_name_len_valid not 'verify_dir_item' to make more strict
name_len check.

Signed-off-by: Su Yue <suy.fnst@cn.fujitsu.com>
Reviewed-by: David Sterba <dsterba@suse.com>
[ switched ENAMETOOLONG to EIO ]
Signed-off-by: David Sterba <dsterba@suse.com>

diff --git a/fs/btrfs/send.c b/fs/btrfs/send.c
index a562dc2287944ff1c6679e722750c6b606c2d8ee..e937c10b8287594ff8ff1509599bfe6a0559376c 100644 (file)
--- a/fs/btrfs/send.c
+++ b/fs/btrfs/send.c
@@ -1069,6 +1069,12 @@ static int iterate_dir_item(struct btrfs_root *root, struct btrfs_path *path,
                        }
                }
 
+               ret = btrfs_is_name_len_valid(eb, path->slots[0],
+                         (unsigned long)(di + 1), name_len + data_len);
+               if (!ret) {
+                       ret = -EIO;
+                       goto out;
+               }
                if (name_len + data_len > buf_len) {
                        buf_len = name_len + data_len;
                        if (is_vmalloc_addr(buf)) {