• Linus Torvalds's avatar
    readdir: be more conservative with directory entry names · 2c6b7bcd
    Linus Torvalds authored
    Commit 8a23eb80 ("Make filldir[64]() verify the directory entry
    filename is valid") added some minimal validity checks on the directory
    entries passed to filldir[64]().  But they really were pretty minimal.
    
    This fleshes out at least the name length check: we used to disallow
    zero-length names, but really, negative lengths or oevr-long names
    aren't ok either.  Both could happen if there is some filesystem
    corruption going on.
    
    Now, most filesystems tend to use just an "unsigned char" or similar for
    the length of a directory entry name, so even with a corrupt filesystem
    you should never see anything odd like that.  But since we then use the
    name length to create the directory entry record length, let's make sure
    it actually is half-way sensible.
    
    Note how POSIX states that the size of a path component is limited by
    NAME_MAX, but we actually use PATH_MAX for the check here.  That's
    because while NAME_MAX is generally the correct maximum name length
    (it's 255, for the same old "name length is usually just a byte on
    disk"), there's nothing in the VFS layer that really cares.
    
    So the real limitation at a VFS layer is the total pathname length you
    can pass as a filename: PATH_MAX.
    Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
    2c6b7bcd
readdir.c 13.5 KB