f2fs: check if file namelen exceeds max value

Dentry bitmap is not enough to detect incorrect dentries. So this patch
also checks the namelen value of a dentry.

Signed-off-by: Gong Chen <gongchen4@huawei.com>
Signed-off-by: Sheng Yong <shengyong1@huawei.com>
Reviewed-by: Chao Yu <yuchao0@huawei.com>
Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>

diff --git a/fs/f2fs/dir.c b/fs/f2fs/dir.c
index 926166528cd43a690e1feed056f53c15a4a5174f..ba7535399d957c719b398de91cabcec3a83d0255 100644 (file)
--- a/fs/f2fs/dir.c
+++ b/fs/f2fs/dir.c
@@ -814,7 +814,8 @@ int f2fs_fill_dentries(struct dir_context *ctx, struct f2fs_dentry_ptr *d,
 
                /* check memory boundary before moving forward */
                bit_pos += GET_DENTRY_SLOTS(le16_to_cpu(de->name_len));
-               if (unlikely(bit_pos > d->max)) {
+               if (unlikely(bit_pos > d->max ||
+                               le16_to_cpu(de->name_len) > F2FS_NAME_LEN)) {
                        f2fs_msg(sbi->sb, KERN_WARNING,
                                "%s: corrupted namelen=%d, run fsck to fix.",
                                __func__, le16_to_cpu(de->name_len));