Commit 6a98297e authored by Anton Altaparmakov's avatar Anton Altaparmakov

NTFS: Fix potential 1 byte overflow in fs/ntfs/unistr.c::ntfs_ucstonls().

Also, minor updates/fixes to docs and comments.
parent 19a27c50
...@@ -91,9 +91,9 @@ case_sensitive=<BOOL> If case_sensitive is specified, treat all file names as ...@@ -91,9 +91,9 @@ case_sensitive=<BOOL> If case_sensitive is specified, treat all file names as
driver will never create short file names and will driver will never create short file names and will
remove them on rename/delete of the corresponding long remove them on rename/delete of the corresponding long
file name. file name.
Note that by default / when case_sensitive is set to Note that files remain accessible via their short file
FALSE, files remain accessible via their short file name, if it exists. If case_sensitive, you will need to
name, if it exists. provide the correct case of the short file name.
errors=opt What to do when critical file system errors are found. errors=opt What to do when critical file system errors are found.
Following values can be used for "opt": Following values can be used for "opt":
......
...@@ -33,9 +33,8 @@ ToDo: ...@@ -33,9 +33,8 @@ ToDo:
- Add new mount option case_sensitive, to determine if the driver - Add new mount option case_sensitive, to determine if the driver
treats file names as case sensitive or not. If case sensitive, create treats file names as case sensitive or not. If case sensitive, create
file names in the POSIX namespace. Otherwise create file names in the file names in the POSIX namespace. Otherwise create file names in the
LONG/WIN32 namespace. By default, or when case_sensitive is set to LONG/WIN32 namespace. Note, files remain accessible via their short
FALSE, files remain accessible via their short file name, if it file name, if it exists.
exists.
- Remove really dumb logic bug in boot sector recovery code. - Remove really dumb logic bug in boot sector recovery code.
- Fix dcache aliasing issues wrt short/long file names via changes - Fix dcache aliasing issues wrt short/long file names via changes
to fs/ntfs/dir.c::ntfs_lookup_inode_by_name() and to fs/ntfs/dir.c::ntfs_lookup_inode_by_name() and
...@@ -44,6 +43,7 @@ ToDo: ...@@ -44,6 +43,7 @@ ToDo:
return information about the matching file name if the case is not return information about the matching file name if the case is not
matching or the match is a short file name. See comments above the matching or the match is a short file name. See comments above the
function definition for details. function definition for details.
- Fix potential 1 byte overflow in fs/ntfs/unistr.c::ntfs_ucstonls().
- TODO: (AIA) Change ntfs_lookup()... - TODO: (AIA) Change ntfs_lookup()...
2.0.7 - Minor cleanups and updates for changes in core kernel code. 2.0.7 - Minor cleanups and updates for changes in core kernel code.
......
...@@ -200,7 +200,7 @@ u64 ntfs_lookup_inode_by_name(ntfs_inode *dir_ni, const uchar_t *uname, ...@@ -200,7 +200,7 @@ u64 ntfs_lookup_inode_by_name(ntfs_inode *dir_ni, const uchar_t *uname,
"and if that doesn't find any " "and if that doesn't find any "
"errors please report you saw " "errors please report you saw "
"this message to " "this message to "
"linux-ntfs@lists.sf.net."); "linux-ntfs-dev@lists.sf.net.");
goto dir_err_out; goto dir_err_out;
} }
...@@ -456,7 +456,7 @@ u64 ntfs_lookup_inode_by_name(ntfs_inode *dir_ni, const uchar_t *uname, ...@@ -456,7 +456,7 @@ u64 ntfs_lookup_inode_by_name(ntfs_inode *dir_ni, const uchar_t *uname,
"and if that doesn't find any " "and if that doesn't find any "
"errors please report you saw " "errors please report you saw "
"this message to " "this message to "
"linux-ntfs@lists.sf.net."); "linux-ntfs-dev@lists.sf.net.");
ntfs_unmap_page(page); ntfs_unmap_page(page);
goto dir_err_out; goto dir_err_out;
} }
......
...@@ -333,7 +333,7 @@ int ntfs_ucstonls(const ntfs_volume *vol, const uchar_t *ins, ...@@ -333,7 +333,7 @@ int ntfs_ucstonls(const ntfs_volume *vol, const uchar_t *ins,
} }
if (!ns) { if (!ns) {
ns_len = ins_len * NLS_MAX_CHARSET_SIZE; ns_len = ins_len * NLS_MAX_CHARSET_SIZE;
ns = (unsigned char*)kmalloc(ns_len, GFP_NOFS); ns = (unsigned char*)kmalloc(ns_len + 1, GFP_NOFS);
if (!ns) if (!ns)
goto mem_err_out; goto mem_err_out;
} }
...@@ -352,7 +352,7 @@ retry: wc = nls->uni2char(le16_to_cpu(ins[i]), ns + o, ...@@ -352,7 +352,7 @@ retry: wc = nls->uni2char(le16_to_cpu(ins[i]), ns + o,
~63, GFP_NOFS); ~63, GFP_NOFS);
if (tc) { if (tc) {
memcpy(tc, ns, ns_len); memcpy(tc, ns, ns_len);
ns_len = (ns_len + 64) & ~63; ns_len = ((ns_len + 64) & ~63) - 1;
kfree(ns); kfree(ns);
ns = tc; ns = tc;
goto retry; goto retry;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment