commit 8dc0d6a11e7d985dd466ce0a8c71eaea50dd7cc6
author Jaegeuk Kim <jaegeuk@kernel.org> Thu Dec 24 16:13:09 2015 -0800
committer Jaegeuk Kim <jaegeuk@kernel.org> Wed Dec 30 10:14:19 2015 -0800
tree 46ffa60753b849730256f2b5655eb090dd3675fb
parent e96248bb45d42375b23e1c083ec5a55151503e82

f2fs: early check broken symlink length in the encrypted case

If link is broken, its len is zero, and we don't need to move forward.

Signed-off-by: Jaegeuk Kim <jaegeuk@kernel.org>

fs/f2fs/namei.c

diff --git a/fs/f2fs/namei.c b/fs/f2fs/namei.c
index fb41c80..6c4a943 100644
--- a/fs/f2fs/namei.c
+++ b/fs/f2fs/namei.c
@@ -931,7 +931,7 @@
 {
 	struct page *cpage = NULL;
 	char *caddr, *paddr = NULL;
-	struct f2fs_str cstr;
+	struct f2fs_str cstr = FSTR_INIT(NULL, 0);
 	struct f2fs_str pstr = FSTR_INIT(NULL, 0);
 	struct inode *inode = d_inode(dentry);
 	struct f2fs_encrypted_symlink_data *sd;
@@ -952,6 +952,12 @@
 	/* Symlink is encrypted */
 	sd = (struct f2fs_encrypted_symlink_data *)caddr;
 	cstr.len = le16_to_cpu(sd->len);
+
+	/* this is broken symlink case */
+	if (unlikely(cstr.len == 0)) {
+		res = -ENOENT;
+		goto errout;
+	}
 	cstr.name = kmalloc(cstr.len, GFP_NOFS);
 	if (!cstr.name) {
 		res = -ENOMEM;
@@ -960,7 +966,7 @@
 	memcpy(cstr.name, sd->encrypted_path, cstr.len);
 
 	/* this is broken symlink case */
-	if (cstr.name[0] == 0 && cstr.len == 0) {
+	if (unlikely(cstr.name[0] == 0)) {
 		res = -ENOENT;
 		goto errout;
 	}