Skip to content

Commit 066b9cd

Browse files
jankarajankara
committed
udf: Use separate buffer for copying split names
Code in udf_find_entry() and udf_readdir() used the same buffer for storing filename that was split among blocks and for the resulting filename in utf8. This worked because udf_get_filename() first internally copied the name into a different buffer and only then performed a conversion into the destination buffer. However we want to get rid of intermediate buffers so use separate buffer for converted name and name split between blocks so that we don't have the same source and destination buffer when converting split names. Signed-off-by: Jan Kara <jack@suse.cz>
1 parent 9fba705 commit 066b9cd

File tree

2 files changed

+22
-4
lines changed

2 files changed

+22
-4
lines changed

fs/udf/dir.c

Lines changed: 11 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -45,7 +45,7 @@ static int udf_readdir(struct file *file, struct dir_context *ctx)
4545
int block, iblock;
4646
loff_t nf_pos;
4747
int flen;
48-
unsigned char *fname = NULL;
48+
unsigned char *fname = NULL, *copy_name = NULL;
4949
unsigned char *nameptr;
5050
uint16_t liu;
5151
uint8_t lfi;
@@ -143,7 +143,15 @@ static int udf_readdir(struct file *file, struct dir_context *ctx)
143143
if (poffset >= lfi) {
144144
nameptr = (char *)(fibh.ebh->b_data + poffset - lfi);
145145
} else {
146-
nameptr = fname;
146+
if (!copy_name) {
147+
copy_name = kmalloc(UDF_NAME_LEN,
148+
GFP_NOFS);
149+
if (!copy_name) {
150+
ret = -ENOMEM;
151+
goto out;
152+
}
153+
}
154+
nameptr = copy_name;
147155
memcpy(nameptr, fi->fileIdent + liu,
148156
lfi - poffset);
149157
memcpy(nameptr + lfi - poffset,
@@ -185,6 +193,7 @@ static int udf_readdir(struct file *file, struct dir_context *ctx)
185193
brelse(fibh.sbh);
186194
brelse(epos.bh);
187195
kfree(fname);
196+
kfree(copy_name);
188197

189198
return ret;
190199
}

fs/udf/namei.c

Lines changed: 11 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -165,7 +165,7 @@ static struct fileIdentDesc *udf_find_entry(struct inode *dir,
165165
struct fileIdentDesc *fi = NULL;
166166
loff_t f_pos;
167167
int block, flen;
168-
unsigned char *fname = NULL;
168+
unsigned char *fname = NULL, *copy_name = NULL;
169169
unsigned char *nameptr;
170170
uint8_t lfi;
171171
uint16_t liu;
@@ -236,7 +236,15 @@ static struct fileIdentDesc *udf_find_entry(struct inode *dir,
236236
nameptr = (uint8_t *)(fibh->ebh->b_data +
237237
poffset - lfi);
238238
else {
239-
nameptr = fname;
239+
if (!copy_name) {
240+
copy_name = kmalloc(UDF_NAME_LEN,
241+
GFP_NOFS);
242+
if (!copy_name) {
243+
fi = ERR_PTR(-ENOMEM);
244+
goto out_err;
245+
}
246+
}
247+
nameptr = copy_name;
240248
memcpy(nameptr, fi->fileIdent + liu,
241249
lfi - poffset);
242250
memcpy(nameptr + lfi - poffset,
@@ -279,6 +287,7 @@ static struct fileIdentDesc *udf_find_entry(struct inode *dir,
279287
out_ok:
280288
brelse(epos.bh);
281289
kfree(fname);
290+
kfree(copy_name);
282291

283292
return fi;
284293
}

0 commit comments

Comments
 (0)