xfs: namecheck directory entry names before listing them

Actually call namecheck on directory entry names before we hand them
over to userspace.

Signed-off-by: Darrick J. Wong <darrick.wong@oracle.com>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Reviewed-by: Brian Foster <bfoster@redhat.com>

diff --git a/fs/xfs/xfs_dir2_readdir.c b/fs/xfs/xfs_dir2_readdir.c
index 283df898dd9f6f5c02701dc99bda8f7d9f3b0599..a0bec0931f3bad26194b8b73221220d783f26c93 100644 (file)
--- a/fs/xfs/xfs_dir2_readdir.c
+++ b/fs/xfs/xfs_dir2_readdir.c
@@ -17,6 +17,7 @@
 #include "xfs_trace.h"
 #include "xfs_bmap.h"
 #include "xfs_trans.h"
+#include "xfs_error.h"
 
 /*
  * Directory file type support functions
@@ -115,6 +116,11 @@ xfs_dir2_sf_getdents(
                ino = dp->d_ops->sf_get_ino(sfp, sfep);
                filetype = dp->d_ops->sf_get_ftype(sfep);
                ctx->pos = off & 0x7fffffff;
+               if (!xfs_dir2_namecheck(sfep->name, sfep->namelen)) {
+                       XFS_ERROR_REPORT(__func__, XFS_ERRLEVEL_LOW,
+                                        dp->i_mount);
+                       return -EFSCORRUPTED;
+               }
                if (!dir_emit(ctx, (char *)sfep->name, sfep->namelen, ino,
                            xfs_dir3_get_dtype(dp->i_mount, filetype)))
                        return 0;
@@ -208,12 +214,16 @@ xfs_dir2_block_getdents(
                /*
                 * If it didn't fit, set the final offset to here & return.
                 */
+               if (!xfs_dir2_namecheck(dep->name, dep->namelen)) {
+                       XFS_ERROR_REPORT(__func__, XFS_ERRLEVEL_LOW,
+                                        dp->i_mount);
+                       error = -EFSCORRUPTED;
+                       goto out_rele;
+               }
                if (!dir_emit(ctx, (char *)dep->name, dep->namelen,
                            be64_to_cpu(dep->inumber),
-                           xfs_dir3_get_dtype(dp->i_mount, filetype))) {
-                       xfs_trans_brelse(args->trans, bp);
-                       return 0;
-               }
+                           xfs_dir3_get_dtype(dp->i_mount, filetype)))
+                       goto out_rele;
        }
 
        /*
@@ -222,8 +232,9 @@ xfs_dir2_block_getdents(
         */
        ctx->pos = xfs_dir2_db_off_to_dataptr(geo, geo->datablk + 1, 0) &
                                                                0x7fffffff;
+out_rele:
        xfs_trans_brelse(args->trans, bp);
-       return 0;
+       return error;
 }
 
 /*
@@ -456,6 +467,12 @@ xfs_dir2_leaf_getdents(
                filetype = dp->d_ops->data_get_ftype(dep);
 
                ctx->pos = xfs_dir2_byte_to_dataptr(curoff) & 0x7fffffff;
+               if (!xfs_dir2_namecheck(dep->name, dep->namelen)) {
+                       XFS_ERROR_REPORT(__func__, XFS_ERRLEVEL_LOW,
+                                        dp->i_mount);
+                       error = -EFSCORRUPTED;
+                       break;
+               }
                if (!dir_emit(ctx, (char *)dep->name, dep->namelen,
                            be64_to_cpu(dep->inumber),
                            xfs_dir3_get_dtype(dp->i_mount, filetype)))