author: Zhihao Cheng <chengzhihao1@huawei.com> 2020-06-16 15:11:42 +0800
committer: Richard Weinberger <richard@nod.at> 2020-12-13 22:11:36 +0100
commit: c4c0d19d39d26c5f58633f8fcca75f03b2854fc0
tree: 48798c6e138df8a951a2f7258f0a0ac37b9d6a24 /fs/ubifs/debug.h
parent: 32f6ccc743b89bb4c51d4a868ffdb6ebda2909cf
ubifs: Limit dumping length by size of memory which is allocated for the node
To prevent memory out-of-bounds accessing in ubifs_dump_node(), actual dumping length should be restricted by another condition (size of memory which is allocated for the node).

This patch handles following situations (These situations may be caused by bit flipping due to hardware error, writing bypass ubifs, unknown bugs in ubifs, etc.):
 1. bad node_len: Dumping data according to 'ch->len' which may exceed the size of memory allocated for node.
 2. bad node content: Some kinds of node can record additional data, eg. index node and orphan node, make sure the size of additional data not beyond the node length.
 3. node_type changes: Read data according to type A, but expected type B, before that, node is allocated according to type B's size. Length of type A node is greater than type B node.

Signed-off-by: Zhihao Cheng <chengzhihao1@huawei.com>
Signed-off-by: Richard Weinberger <richard@nod.at>
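The three situations listed in the commit message, sketched as an added user-space C example (not the kernel patch and not UBIFS code). The `hdr`, `data_node` and `orph_node` layouts and the helper names `safe_len`, `orphan_entries` and `can_decode` are hypothetical, constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy node layout constructed for this example; not the UBIFS structures. */
enum { T_DATA = 0, T_ORPHAN = 1 };
struct hdr { uint32_t len; uint8_t type; uint8_t pad[3]; };  /* common header */
struct data_node { struct hdr ch; uint8_t payload[16]; };     /* fixed size */
struct orph_node { struct hdr ch; uint64_t inos[]; };         /* variable tail */

/* Case 1: readable bytes = min(recorded length, allocated buffer size). */
static int safe_len(const void *node, int buf_len)
{
    struct hdr ch;
    if (!node || buf_len < (int)sizeof(ch))
        return 0;                     /* buffer cannot hold a full header */
    memcpy(&ch, node, sizeof(ch));
    return ch.len < (uint32_t)buf_len ? (int)ch.len : buf_len;
}

/* Case 2: count only the trailing entries that lie inside the readable bytes. */
static int orphan_entries(const void *node, int buf_len)
{
    int n = safe_len(node, buf_len);
    if (n < (int)sizeof(struct orph_node))
        return 0;
    return (n - (int)sizeof(struct orph_node)) / (int)sizeof(uint64_t);
}

/* Case 3: decode by header type only if that type's fixed part fits. */
static int can_decode(const void *node, int buf_len)
{
    struct hdr ch;
    int n = safe_len(node, buf_len);
    if (n < (int)sizeof(ch))
        return 0;
    memcpy(&ch, node, sizeof(ch));
    if (ch.type == T_DATA)
        return n >= (int)sizeof(struct data_node);
    return ch.type == T_ORPHAN;
}

int main(void)
{
    unsigned char buf[24] = {0};                 /* constructed sample buffer */
    struct hdr h = { 4096, T_ORPHAN, {0} };      /* len claims far too much */
    memcpy(buf, &h, sizeof(h));
    printf("%d %d\n", safe_len(buf, sizeof(buf)), orphan_entries(buf, sizeof(buf)));
    return 0;
}
```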
Diffstat (limited to 'fs/ubifs/debug.h')
-rw-r--r-- fs/ubifs/debug.h 3
1 files changed, 2 insertions, 1 deletions
diff --git a/fs/ubifs/debug.h b/fs/ubifs/debug.h
index 7763639a426b..42610fa5f3a7 100644
--- a/fs/ubifs/debug.h
+++ b/fs/ubifs/debug.h
@@ -242,7 +242,8 @@ const char *dbg_get_key_dump(const struct ubifs_info *c,
const char *dbg_snprintf_key(const struct ubifs_info *c,
const union ubifs_key *key, char *buffer, int len);
void ubifs_dump_inode(struct ubifs_info *c, const struct inode *inode);
-void ubifs_dump_node(const struct ubifs_info *c, const void *node);
+void ubifs_dump_node(const struct ubifs_info *c, const void *node,
+ int node_len);
void ubifs_dump_budget_req(const struct ubifs_budget_req *req);
void ubifs_dump_lstats(const struct ubifs_lp_stats *lst);
void ubifs_dump_budg(struct ubifs_info *c, const struct ubifs_budg_info *bi);
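Review bot: the new `int node_len` argument on the `ubifs_dump_node()` prototype is undocumented and signed, so nothing at the declaration tells a caller that it must be the size of the buffer holding the node rather than the length recorded in the node header, which is the distinction the commit message relies on. Please add a kernel-doc line at the definition stating that `node_len` is the allocated size, and make sure the implementation treats a negative value or one smaller than the common header as "dump nothing" instead of using it as a length. Because the signature changes and this view is limited to debug.h, the caller conversions cannot be checked here; they need to land in the same commit so the tree still builds.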