[PATCH V2 resend] FS/OMFS: block number sanity check during fill_super operation

[Fabian Frederick]

This patch defines maximum block number to 2^31.
It also converts bitmap_size and array_size to
unsigned int in omfs_get_imap

Suggested-By: Linus Torvalds <torva...@linux-foundation.org>
Suggested-By: Bob Copeland <m...@bobcopeland.com>
Cc: Linus Torvalds <torva...@linux-foundation.org>
Cc: Bob Copeland <m...@bobcopeland.com>
Cc: Andrew Morton <a...@linux-foundation.org>
Signed-off-by: Fabian Frederick <f...@skynet.be>
---
This is untested.

V2: 
   use 1ul<<31 instead of 1<<31 to avoid comparing to negative value
   (suggested by Linus Torvalds).

 fs/omfs/inode.c   | 10 +++++++---
 fs/omfs/omfs_fs.h |  1 +
 2 files changed, 8 insertions(+), 3 deletions(-)

diff --git a/fs/omfs/inode.c b/fs/omfs/inode.c
index ba88197..138321b 100644
--- a/fs/omfs/inode.c
+++ b/fs/omfs/inode.c
@@ -306,9 +306,7 @@ static const struct super_operations omfs_sops = {
  */
 static int omfs_get_imap(struct super_block *sb)
 {
-       int bitmap_size;
-       int array_size;
-       int count;
+       unsigned int bitmap_size, count, array_size;
        struct omfs_sb_info *sbi = OMFS_SB(sb);
        struct buffer_head *bh;
        unsigned long **ptr;
@@ -473,6 +471,12 @@ static int omfs_fill_super(struct super_block *sb, void 
*data, int silent)
        sbi->s_sys_blocksize = be32_to_cpu(omfs_sb->s_sys_blocksize);
        mutex_init(&sbi->s_bitmap_lock);
 
+       if (sbi->s_num_blocks > OMFS_MAX_BLOCKS) {
+               printk(KERN_ERR "omfs: sysblock number (%llx) is out of 
range\n",
+                      (unsigned long long)sbi->s_num_blocks);
+               goto out_brelse_bh;
+       }
+
        if (sbi->s_sys_blocksize > PAGE_SIZE) {
                printk(KERN_ERR "omfs: sysblock size (%d) is out of range\n",
                        sbi->s_sys_blocksize);
diff --git a/fs/omfs/omfs_fs.h b/fs/omfs/omfs_fs.h
index ee5e432..83a9833 100644
--- a/fs/omfs/omfs_fs.h
+++ b/fs/omfs/omfs_fs.h
@@ -18,6 +18,7 @@
 #define OMFS_XOR_COUNT 19
 #define OMFS_MAX_BLOCK_SIZE 8192
 #define OMFS_MAX_CLUSTER_SIZE 8
+#define OMFS_MAX_BLOCKS (1ul << 31)
 
 struct omfs_super_block {
        char s_fill1[256];
-- 
1.9.3

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/