summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--fs/adfs/dir_fplus.c41
1 files changed, 31 insertions, 10 deletions
diff --git a/fs/adfs/dir_fplus.c b/fs/adfs/dir_fplus.c
index 393921f5121e..b83a74e9ff6d 100644
--- a/fs/adfs/dir_fplus.c
+++ b/fs/adfs/dir_fplus.c
@@ -16,6 +16,30 @@ static unsigned int adfs_fplus_offset(const struct adfs_bigdirheader *h,
pos * sizeof(struct adfs_bigdirentry);
}
+static int adfs_fplus_validate_header(const struct adfs_bigdirheader *h)
+{
+ unsigned int size = le32_to_cpu(h->bigdirsize);
+
+ if (h->bigdirversion[0] != 0 || h->bigdirversion[1] != 0 ||
+ h->bigdirversion[2] != 0 ||
+ h->bigdirstartname != cpu_to_le32(BIGDIRSTARTNAME) ||
+ size & 2047)
+ return -EIO;
+
+ return 0;
+}
+
+static int adfs_fplus_validate_tail(const struct adfs_bigdirheader *h,
+ const struct adfs_bigdirtail *t)
+{
+ if (t->bigdirendname != cpu_to_le32(BIGDIRENDNAME) ||
+ t->bigdirendmasseq != h->startmasseq ||
+ t->reserved[0] != 0 || t->reserved[1] != 0)
+ return -EIO;
+
+ return 0;
+}
+
static int adfs_fplus_read(struct super_block *sb, u32 indaddr,
unsigned int size, struct adfs_dir *dir)
{
@@ -30,6 +54,11 @@ static int adfs_fplus_read(struct super_block *sb, u32 indaddr,
return ret;
dir->bighead = h = (void *)dir->bhs[0]->b_data;
+ if (adfs_fplus_validate_header(h)) {
+ adfs_error(sb, "dir %06x has malformed header", indaddr);
+ goto out;
+ }
+
dirsize = le32_to_cpu(h->bigdirsize);
if (dirsize != size) {
adfs_msg(sb, KERN_WARNING,
@@ -37,13 +66,6 @@ static int adfs_fplus_read(struct super_block *sb, u32 indaddr,
indaddr, dirsize, size);
}
- if (h->bigdirversion[0] != 0 || h->bigdirversion[1] != 0 ||
- h->bigdirversion[2] != 0 || size & 2047 ||
- h->bigdirstartname != cpu_to_le32(BIGDIRSTARTNAME)) {
- adfs_error(sb, "dir %06x has malformed header", indaddr);
- goto out;
- }
-
/* Read remaining buffers */
ret = adfs_dir_read_buffers(sb, indaddr, dirsize, dir);
if (ret)
@@ -52,9 +74,8 @@ static int adfs_fplus_read(struct super_block *sb, u32 indaddr,
dir->bigtail = t = (struct adfs_bigdirtail *)
(dir->bhs[dir->nr_buffers - 1]->b_data + (sb->s_blocksize - 8));
- if (t->bigdirendname != cpu_to_le32(BIGDIRENDNAME) ||
- t->bigdirendmasseq != h->startmasseq ||
- t->reserved[0] != 0 || t->reserved[1] != 0) {
+ ret = adfs_fplus_validate_tail(h, t);
+ if (ret) {
adfs_error(sb, "dir %06x has malformed tail", indaddr);
goto out;
}