Return ENAMETOOLONG error code if the symlink name exceeds YAFFS_MAX_NAME_LENGTH and respectively for symlink alias if it exceeds YAFFS_MAX_ALIAS_LENGTH. Otherwise, the symlink will be incorrect. Will point to non existing object or will have a truncated name.
Signed-off-by: Waldemar Rymarkiewicz
---
 yaffs_vfs_multi.c | 8 ++++++++
 yaffs_vfs_single.c | 8 ++++++++
 2 files changed, 16 insertions(+), 0 deletions(-)
diff --git a/yaffs_vfs_multi.c b/yaffs_vfs_multi.c
index b8e5124..db787f2 100644
--- a/yaffs_vfs_multi.c
+++ b/yaffs_vfs_multi.c
@@ -1809,6 +1809,14 @@ static int yaffs_symlink(struct inode *dir, struct dentry *dentry,
 yaffs_trace(YAFFS_TRACE_OS, "yaffs_symlink");
+ if (strnlen(dentry->d_name.name, YAFFS_MAX_NAME_LENGTH + 1) >
+ YAFFS_MAX_NAME_LENGTH)
+ return -ENAMETOOLONG;
+
+ if (strnlen(symname, YAFFS_MAX_ALIAS_LENGTH + 1) >
+ YAFFS_MAX_ALIAS_LENGTH)
+ return -ENAMETOOLONG;
+
+ dev = yaffs_inode_to_obj(dir)->my_dev;
 yaffs_gross_lock(dev);
 obj = yaffs_create_symlink(yaffs_inode_to_obj(dir), dentry->d_name.name,
diff --git a/yaffs_vfs_single.c b/yaffs_vfs_single.c
index f822845..c716a2c 100644
--- a/yaffs_vfs_single.c
+++ b/yaffs_vfs_single.c
@@ -338,6 +338,14 @@ static int yaffs_symlink(struct inode *dir, struct dentry *dentry,
 yaffs_trace(YAFFS_TRACE_OS, "yaffs_symlink");
+ if (strnlen(dentry->d_name.name, YAFFS_MAX_NAME_LENGTH + 1) >
+ YAFFS_MAX_NAME_LENGTH)
+ return -ENAMETOOLONG;
+
+ if (strnlen(symname, YAFFS_MAX_ALIAS_LENGTH + 1) >
+ YAFFS_MAX_ALIAS_LENGTH)
+ return -ENAMETOOLONG;
+
+ dev = yaffs_inode_to_obj(dir)->my_dev;
 yaffs_gross_lock(dev);
 obj = yaffs_create_symlink(yaffs_inode_to_obj(dir), dentry->d_name.name,
--
1.7.8
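Review bot: Both new guards in yaffs_symlink (this hunk and the identical one for yaffs_vfs_single.c) enforce the limits only in the VFS wrapper, so the silent truncation the commit message describes presumably remains inside yaffs_create_symlink for any caller that does not pass through this wrapper; that function is outside the hunk, so this should be confirmed there rather than assumed. For the name check the dentry already carries its length, so `if (dentry->d_name.len > YAFFS_MAX_NAME_LENGTH)` states the same condition without rescanning the string. Neither check says why it exists; a comment such as `/* reject over-long name/target instead of letting it be truncated: a truncated target resolves to a different path */` above the first guard would keep a later cleanup from removing them. The early returns sit before yaffs_gross_lock(), so no unlock is needed on these paths; the rest of the function body lies outside the hunk.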