bpf: Prevent memory disambiguation attack
[linux/fpc-iii.git] / fs / isofs / namei.c
blobcac468f04820e9669b1f59ba9632c420b52b2bce
1 // SPDX-License-Identifier: GPL-2.0
2 /*
3 * linux/fs/isofs/namei.c
5 * (C) 1992 Eric Youngdale Modified for ISO 9660 filesystem.
7 * (C) 1991 Linus Torvalds - minix filesystem
8 */
10 #include <linux/gfp.h>
11 #include "isofs.h"
14 * ok, we cannot use strncmp, as the name is not in our data space.
15 * Thus we'll have to use isofs_match. No big problem. Match also makes
16 * some sanity tests.
18 static int
19 isofs_cmp(struct dentry *dentry, const char *compare, int dlen)
21 struct qstr qstr;
22 qstr.name = compare;
23 qstr.len = dlen;
24 if (likely(!dentry->d_op))
25 return dentry->d_name.len != dlen || memcmp(dentry->d_name.name, compare, dlen);
26 return dentry->d_op->d_compare(NULL, dentry->d_name.len, dentry->d_name.name, &qstr);
30 * isofs_find_entry()
32 * finds an entry in the specified directory with the wanted name. It
33 * returns the inode number of the found entry, or 0 on error.
35 static unsigned long
36 isofs_find_entry(struct inode *dir, struct dentry *dentry,
37 unsigned long *block_rv, unsigned long *offset_rv,
38 char *tmpname, struct iso_directory_record *tmpde)
40 unsigned long bufsize = ISOFS_BUFFER_SIZE(dir);
41 unsigned char bufbits = ISOFS_BUFFER_BITS(dir);
42 unsigned long block, f_pos, offset, block_saved, offset_saved;
43 struct buffer_head *bh = NULL;
44 struct isofs_sb_info *sbi = ISOFS_SB(dir->i_sb);
46 if (!ISOFS_I(dir)->i_first_extent)
47 return 0;
49 f_pos = 0;
50 offset = 0;
51 block = 0;
53 while (f_pos < dir->i_size) {
54 struct iso_directory_record *de;
55 int de_len, match, i, dlen;
56 char *dpnt;
58 if (!bh) {
59 bh = isofs_bread(dir, block);
60 if (!bh)
61 return 0;
64 de = (struct iso_directory_record *) (bh->b_data + offset);
66 de_len = *(unsigned char *) de;
67 if (!de_len) {
68 brelse(bh);
69 bh = NULL;
70 f_pos = (f_pos + ISOFS_BLOCK_SIZE) & ~(ISOFS_BLOCK_SIZE - 1);
71 block = f_pos >> bufbits;
72 offset = 0;
73 continue;
76 block_saved = bh->b_blocknr;
77 offset_saved = offset;
78 offset += de_len;
79 f_pos += de_len;
81 /* Make sure we have a full directory entry */
82 if (offset >= bufsize) {
83 int slop = bufsize - offset + de_len;
84 memcpy(tmpde, de, slop);
85 offset &= bufsize - 1;
86 block++;
87 brelse(bh);
88 bh = NULL;
89 if (offset) {
90 bh = isofs_bread(dir, block);
91 if (!bh)
92 return 0;
93 memcpy((void *) tmpde + slop, bh->b_data, offset);
95 de = tmpde;
98 dlen = de->name_len[0];
99 dpnt = de->name;
100 /* Basic sanity check, whether name doesn't exceed dir entry */
101 if (de_len < dlen + sizeof(struct iso_directory_record)) {
102 printk(KERN_NOTICE "iso9660: Corrupted directory entry"
103 " in block %lu of inode %lu\n", block,
104 dir->i_ino);
105 return 0;
108 if (sbi->s_rock &&
109 ((i = get_rock_ridge_filename(de, tmpname, dir)))) {
110 dlen = i; /* possibly -1 */
111 dpnt = tmpname;
112 #ifdef CONFIG_JOLIET
113 } else if (sbi->s_joliet_level) {
114 dlen = get_joliet_filename(de, tmpname, dir);
115 dpnt = tmpname;
116 #endif
117 } else if (sbi->s_mapping == 'a') {
118 dlen = get_acorn_filename(de, tmpname, dir);
119 dpnt = tmpname;
120 } else if (sbi->s_mapping == 'n') {
121 dlen = isofs_name_translate(de, tmpname, dir);
122 dpnt = tmpname;
126 * Skip hidden or associated files unless hide or showassoc,
127 * respectively, is set
129 match = 0;
130 if (dlen > 0 &&
131 (!sbi->s_hide ||
132 (!(de->flags[-sbi->s_high_sierra] & 1))) &&
133 (sbi->s_showassoc ||
134 (!(de->flags[-sbi->s_high_sierra] & 4)))) {
135 if (dpnt && (dlen > 1 || dpnt[0] > 1))
136 match = (isofs_cmp(dentry, dpnt, dlen) == 0);
138 if (match) {
139 isofs_normalize_block_and_offset(de,
140 &block_saved,
141 &offset_saved);
142 *block_rv = block_saved;
143 *offset_rv = offset_saved;
144 brelse(bh);
145 return 1;
148 brelse(bh);
149 return 0;
152 struct dentry *isofs_lookup(struct inode *dir, struct dentry *dentry, unsigned int flags)
154 int found;
155 unsigned long uninitialized_var(block);
156 unsigned long uninitialized_var(offset);
157 struct inode *inode;
158 struct page *page;
160 page = alloc_page(GFP_USER);
161 if (!page)
162 return ERR_PTR(-ENOMEM);
164 found = isofs_find_entry(dir, dentry,
165 &block, &offset,
166 page_address(page),
167 1024 + page_address(page));
168 __free_page(page);
170 inode = found ? isofs_iget(dir->i_sb, block, offset) : NULL;
172 return d_splice_alias(inode, dentry);