fs/f2fs: Do not copy file names that are too long

A corrupt f2fs file system might specify a name length which is greater
than the maximum name length supported by the GRUB f2fs driver.

We will allocate enough memory to store the overly long name, but there
are only F2FS_NAME_LEN bytes in the source, so we would read past the end
of the source.

While checking directory entries, do not copy a file name with an invalid
length.

Signed-off-by: Sudhakar Kuppusamy <sudhakar@linux.ibm.com>
Signed-off-by: Daniel Axtens <dja@axtens.net>
Reviewed-by: Daniel Kiper <daniel.kiper@oracle.com>

diff --git a/grub-core/fs/f2fs.c b/grub-core/fs/f2fs.c
index 8898b235e061e43e570058623c59025a3a49301c..df6beb544cbd201b1dbf32e9b17149104e4891fd 100644 (file)
--- a/grub-core/fs/f2fs.c
+++ b/grub-core/fs/f2fs.c
@@ -1003,6 +1003,10 @@ grub_f2fs_check_dentries (struct grub_f2fs_dir_iter_ctx *ctx)
 
       ftype = ctx->dentry[i].file_type;
       name_len = grub_le_to_cpu16 (ctx->dentry[i].name_len);
+
+      if (name_len >= F2FS_NAME_LEN)
+        return 0;
+
       filename = grub_malloc (name_len + 1);
       if (!filename)
         return 0;