From bc5b8a9003132ae44559edd63a1623b7b99dfb68 Mon Sep 17 00:00:00 2001 From: Dan Carpenter Date: Mon, 14 Nov 2011 17:52:08 +0300 Subject: hfs: add sanity check for file name length On a corrupted file system the ->len field could be wrong leading to a buffer overflow. Reported-and-acked-by: Clement LECIGNE Signed-off-by: Dan Carpenter Cc: stable@kernel.org Signed-off-by: Linus Torvalds --- fs/hfs/trans.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'fs/hfs/trans.c') diff --git a/fs/hfs/trans.c b/fs/hfs/trans.c index e673a88b8ae7..b1ce4c7ad3fb 100644 --- a/fs/hfs/trans.c +++ b/fs/hfs/trans.c @@ -40,6 +40,8 @@ int hfs_mac2asc(struct super_block *sb, char *out, const struct hfs_name *in) src = in->name; srclen = in->len; + if (srclen > HFS_NAMELEN) + srclen = HFS_NAMELEN; dst = out; dstlen = HFS_MAX_NAMELEN; if (nls_io) { -- cgit v1.2.1