Return ENAMETOOLONG error code if the symlink name exceeds YAFFS_MAX_NAME_LENGTH and
respectively for symlink alias if it exceeds YAFFS_MAX_ALIAS_LENGTH.
Otherwise, the symlink will be incorrect. Will point to non existing object or will
have a truncated name.
Signed-off-by: Waldemar Rymarkiewicz <waldemar.rymarkiewicz@gmail.com>
---
yaffs_vfs_multi.c | 8 ++++++++
yaffs_vfs_single.c | 8 ++++++++
2 files changed, 16 insertions(+), 0 deletions(-)
diff --git a/yaffs_vfs_multi.c b/yaffs_vfs_multi.c
index b8e5124..db787f2 100644
--- a/yaffs_vfs_multi.c
+++ b/yaffs_vfs_multi.c
@@ -1809,6 +1809,14 @@ static int yaffs_symlink(struct inode *dir, struct dentry *dentry,
yaffs_trace(YAFFS_TRACE_OS, "yaffs_symlink");
+ if (strnlen(dentry->d_name.name, YAFFS_MAX_NAME_LENGTH + 1) >
+ YAFFS_MAX_NAME_LENGTH)
+ return -ENAMETOOLONG;
+
+ if (strnlen(symname, YAFFS_MAX_ALIAS_LENGTH + 1) >
+ YAFFS_MAX_ALIAS_LENGTH)
+ return -ENAMETOOLONG;
+
dev = yaffs_inode_to_obj(dir)->my_dev;
yaffs_gross_lock(dev);
obj = yaffs_create_symlink(yaffs_inode_to_obj(dir), dentry->d_name.name,
diff --git a/yaffs_vfs_single.c b/yaffs_vfs_single.c
index f822845..c716a2c 100644
--- a/yaffs_vfs_single.c
+++ b/yaffs_vfs_single.c
@@ -338,6 +338,14 @@ static int yaffs_symlink(struct inode *dir, struct dentry *dentry,
yaffs_trace(YAFFS_TRACE_OS, "yaffs_symlink");
+ if (strnlen(dentry->d_name.name, YAFFS_MAX_NAME_LENGTH + 1) >
+ YAFFS_MAX_NAME_LENGTH)
+ return -ENAMETOOLONG;
+
+ if (strnlen(symname, YAFFS_MAX_ALIAS_LENGTH + 1) >
+ YAFFS_MAX_ALIAS_LENGTH)
+ return -ENAMETOOLONG;
+
dev = yaffs_inode_to_obj(dir)->my_dev;
yaffs_gross_lock(dev);
obj = yaffs_create_symlink(yaffs_inode_to_obj(dir), dentry->d_name.name,
--
1.7.8
(text/plain)