Attachment #58067 for bug #86784

View | Details | Raw Unified | Return to bug 86784
Collapse All | Expand All




  if(LEN & 1) LEN++;						\
  CHR = ((unsigned char *) DE) + LEN;				\
  LEN = *((unsigned char *) DE) - LEN;                          \
  if (LEN<0) LEN=0;                                             \
  if (ISOFS_SB(inode->i_sb)->s_rock_offset!=-1)                \
  {                                                             \
     LEN-=ISOFS_SB(inode->i_sb)->s_rock_offset;                \

    struct rock_ridge * rr;
    int sig;
    
    while (len > 2){ /* There may be one byte for padding somewhere */
      rr = (struct rock_ridge *) chr;
      if (rr->len < 3) goto out; /* Something got screwed up here */
      sig = isonum_721(chr);
      chr += rr->len; 
      len -= rr->len;
      if (len < 0) goto out;	/* corrupted isofs */

      switch(sig){
      case SIG('R','R'):

	break;
      case SIG('N','M'):
	if (truncate) break;
	if (rr->len < 5) break;
        /*
	 * If the flags are 2 or 4, this indicates '.' or '..'.
	 * We don't want to do anything with this, because it

    struct rock_ridge * rr;
    int rootflag;
    
    while (len > 2){ /* There may be one byte for padding somewhere */
      rr = (struct rock_ridge *) chr;
      if (rr->len < 3) goto out; /* Something got screwed up here */
      sig = isonum_721(chr);
      chr += rr->len; 
      len -= rr->len;
      if (len < 0) goto out;	/* corrupted isofs */
      
      switch(sig){
#ifndef CONFIG_ZISOFS		/* No flag for SF or ZF */

	struct rock_ridge *rr;

	if (!ISOFS_SB(inode->i_sb)->s_rock)
		goto error;

	block = ei->i_iget5_block;
	lock_kernel();

	SETUP_ROCK_RIDGE(raw_inode, chr, len);

      repeat:
	while (len > 2) { /* There may be one byte for padding somewhere */
		rr = (struct rock_ridge *) chr;
		if (rr->len < 3)
			goto out;	/* Something got screwed up here */
		sig = isonum_721(chr);
		chr += rr->len;
		len -= rr->len;
		if (len < 0)
			goto out;	/* corrupted isofs */

		switch (sig) {
		case SIG('R', 'R'):

      fail:
	brelse(bh);
	unlock_kernel();
      error:
	SetPageError(page);
	kunmap(page);
	unlock_page(page);

Return to bug 86784

Lines 53-58 Link Here

(-)a/fs/isofs/rock.c (-7 / +14 lines)
53	if(LEN & 1) LEN++; \	53	if(LEN & 1) LEN++; \
54	CHR = ((unsigned char *) DE) + LEN; \	54	CHR = ((unsigned char *) DE) + LEN; \
55	LEN = ((unsigned char ) DE) - LEN; \	55	LEN = ((unsigned char ) DE) - LEN; \
		56	if (LEN<0) LEN=0; \
56	if (ISOFS_SB(inode->i_sb)->s_rock_offset!=-1) \	57	if (ISOFS_SB(inode->i_sb)->s_rock_offset!=-1) \
57	{ \	58	{ \
58	LEN-=ISOFS_SB(inode->i_sb)->s_rock_offset; \	59	LEN-=ISOFS_SB(inode->i_sb)->s_rock_offset; \
Lines 103-114 Link Here
103	struct rock_ridge * rr;	104	struct rock_ridge * rr;
104	int sig;	105	int sig;
105		106
106	while (len > 1){ /* There may be one byte for padding somewhere */	107	while (len > 2){ /* There may be one byte for padding somewhere */
107	rr = (struct rock_ridge *) chr;	108	rr = (struct rock_ridge *) chr;
108	if (rr->len == 0) goto out; /* Something got screwed up here */	109	if (rr->len < 3) goto out; /* Something got screwed up here */
109	sig = isonum_721(chr);	110	sig = isonum_721(chr);
110	chr += rr->len;	111	chr += rr->len;
111	len -= rr->len;	112	len -= rr->len;
		113	if (len < 0) goto out; /* corrupted isofs */
112		114
113	switch(sig){	115	switch(sig){
114	case SIG('R','R'):	116	case SIG('R','R'):
Lines 122-127 Link Here
122	break;	124	break;
123	case SIG('N','M'):	125	case SIG('N','M'):
124	if (truncate) break;	126	if (truncate) break;
		127	if (rr->len < 5) break;
125	/*	128	/*
126	* If the flags are 2 or 4, this indicates '.' or '..'.	129	* If the flags are 2 or 4, this indicates '.' or '..'.
127	* We don't want to do anything with this, because it	130	* We don't want to do anything with this, because it
Lines 186-197 Link Here
186	struct rock_ridge * rr;	189	struct rock_ridge * rr;
187	int rootflag;	190	int rootflag;
188		191
189	while (len > 1){ /* There may be one byte for padding somewhere */	192	while (len > 2){ /* There may be one byte for padding somewhere */
190	rr = (struct rock_ridge *) chr;	193	rr = (struct rock_ridge *) chr;
191	if (rr->len == 0) goto out; /* Something got screwed up here */	194	if (rr->len < 3) goto out; /* Something got screwed up here */
192	sig = isonum_721(chr);	195	sig = isonum_721(chr);
193	chr += rr->len;	196	chr += rr->len;
194	len -= rr->len;	197	len -= rr->len;
		198	if (len < 0) goto out; /* corrupted isofs */
195		199
196	switch(sig){	200	switch(sig){
197	#ifndef CONFIG_ZISOFS /* No flag for SF or ZF */	201	#ifndef CONFIG_ZISOFS /* No flag for SF or ZF */
Lines 462-468 Link Here
462	struct rock_ridge *rr;	466	struct rock_ridge *rr;
463		467
464	if (!ISOFS_SB(inode->i_sb)->s_rock)	468	if (!ISOFS_SB(inode->i_sb)->s_rock)
465	panic ("Cannot have symlink with high sierra variant of iso filesystem\n");	469	goto error;
466		470
467	block = ei->i_iget5_block;	471	block = ei->i_iget5_block;
468	lock_kernel();	472	lock_kernel();
Lines 487-499 Link Here
487	SETUP_ROCK_RIDGE(raw_inode, chr, len);	491	SETUP_ROCK_RIDGE(raw_inode, chr, len);
488		492
489	repeat:	493	repeat:
490	while (len > 1) { /* There may be one byte for padding somewhere */	494	while (len > 2) { /* There may be one byte for padding somewhere */
491	rr = (struct rock_ridge *) chr;	495	rr = (struct rock_ridge *) chr;
492	if (rr->len == 0)	496	if (rr->len < 3)
493	goto out; /* Something got screwed up here */	497	goto out; /* Something got screwed up here */
494	sig = isonum_721(chr);	498	sig = isonum_721(chr);
495	chr += rr->len;	499	chr += rr->len;
496	len -= rr->len;	500	len -= rr->len;
		501	if (len < 0)
		502	goto out; /* corrupted isofs */
497		503
498	switch (sig) {	504	switch (sig) {
499	case SIG('R', 'R'):	505	case SIG('R', 'R'):
Lines 543-548 Link Here
543	fail:	549	fail:
544	brelse(bh);	550	brelse(bh);
545	unlock_kernel();	551	unlock_kernel();
		552	error:
546	SetPageError(page);	553	SetPageError(page);
547	kunmap(page);	554	kunmap(page);
548	unlock_page(page);	555	unlock_page(page);