diff --git a/fs/squashfs/block.c b/fs/squashfs/block.c index ed0eb2a921f4..fb50652e4e11 100644 --- a/fs/squashfs/block.c +++ b/fs/squashfs/block.c @@ -83,7 +83,8 @@ static struct buffer_head *get_block_length(struct super_block *sb, * filesystem), otherwise the length is obtained from the first two bytes of * the metadata block. A bit in the length field indicates if the block * is stored uncompressed in the filesystem (usually because compression - * generated a larger block - this does occasionally happen with zlib). + * generated a larger block - this does occasionally happen with compression + * algorithms). */ int squashfs_read_data(struct super_block *sb, void **buffer, u64 index, int length, u64 *next_index, int srclength, int pages) diff --git a/fs/squashfs/dir.c b/fs/squashfs/dir.c index 9dfe2ce0fb70..b381305c9a47 100644 --- a/fs/squashfs/dir.c +++ b/fs/squashfs/dir.c @@ -64,7 +64,7 @@ static int get_dir_index_using_offset(struct super_block *sb, * is offset by 3 because we invent "." and ".." entries which are * not actually stored in the directory. */ - if (f_pos < 3) + if (f_pos <= 3) return f_pos; f_pos -= 3; @@ -105,7 +105,7 @@ static int squashfs_readdir(struct file *file, void *dirent, filldir_t filldir) struct inode *inode = file->f_dentry->d_inode; struct squashfs_sb_info *msblk = inode->i_sb->s_fs_info; u64 block = squashfs_i(inode)->start + msblk->directory_table; - int offset = squashfs_i(inode)->offset, length = 0, dir_count, size, + int offset = squashfs_i(inode)->offset, length, dir_count, size, type, err; unsigned int inode_number; struct squashfs_dir_header dirh; @@ -173,8 +173,7 @@ static int squashfs_readdir(struct file *file, void *dirent, filldir_t filldir) dir_count = le32_to_cpu(dirh.count) + 1; - /* dir_count should never be larger than 256 */ - if (dir_count > 256) + if (dir_count > SQUASHFS_DIR_COUNT) goto failed_read; while (dir_count--) { diff --git a/fs/squashfs/namei.c b/fs/squashfs/namei.c index 0682b38d7e31..abcc58f3c152 100644 --- a/fs/squashfs/namei.c +++ b/fs/squashfs/namei.c @@ -144,7 +144,7 @@ static struct dentry *squashfs_lookup(struct inode *dir, struct dentry *dentry, struct squashfs_dir_entry *dire; u64 block = squashfs_i(dir)->start + msblk->directory_table; int offset = squashfs_i(dir)->offset; - int err, length = 0, dir_count, size; + int err, length, dir_count, size; TRACE("Entered squashfs_lookup [%llx:%x]\n", block, offset); @@ -177,8 +177,7 @@ static struct dentry *squashfs_lookup(struct inode *dir, struct dentry *dentry, dir_count = le32_to_cpu(dirh.count) + 1; - /* dir_count should never be larger than 256 */ - if (dir_count > 256) + if (dir_count > SQUASHFS_DIR_COUNT) goto data_error; while (dir_count--) { diff --git a/fs/squashfs/squashfs_fs.h b/fs/squashfs/squashfs_fs.h index e8e14645de9a..9e2349d07cb1 100644 --- a/fs/squashfs/squashfs_fs.h +++ b/fs/squashfs/squashfs_fs.h @@ -30,11 +30,6 @@ /* size of metadata (inode and directory) blocks */ #define SQUASHFS_METADATA_SIZE 8192 -#define SQUASHFS_METADATA_LOG 13 - -/* default size of data blocks */ -#define SQUASHFS_FILE_SIZE 131072 -#define SQUASHFS_FILE_LOG 17 /* default size of block device I/O */ #ifdef CONFIG_SQUASHFS_4K_DEVBLK_SIZE @@ -46,12 +41,12 @@ #define SQUASHFS_FILE_MAX_SIZE 1048576 #define SQUASHFS_FILE_MAX_LOG 20 -/* Max number of uids and gids */ -#define SQUASHFS_IDS 65536 - /* Max length of filename (not 255) */ #define SQUASHFS_NAME_LEN 256 +/* Max value for directory header count*/ +#define SQUASHFS_DIR_COUNT 256 + #define SQUASHFS_INVALID_FRAG (0xffffffffU) #define SQUASHFS_INVALID_XATTR (0xffffffffU) #define SQUASHFS_INVALID_BLK (-1LL) @@ -142,9 +137,6 @@ #define SQUASHFS_MKINODE(A, B) ((long long)(((long long) (A)\ << 16) + (B))) -/* Translate between VFS mode and squashfs mode */ -#define SQUASHFS_MODE(A) ((A) & 0xfff) - /* fragment and fragment table defines */ #define SQUASHFS_FRAGMENT_BYTES(A) \ ((A) * sizeof(struct squashfs_fragment_entry)) @@ -215,11 +207,6 @@ /* cached data constants for filesystem */ #define SQUASHFS_CACHED_BLKS 8 -#define SQUASHFS_MAX_FILE_SIZE_LOG 64 - -#define SQUASHFS_MAX_FILE_SIZE (1LL << \ - (SQUASHFS_MAX_FILE_SIZE_LOG - 2)) - /* meta index cache */ #define SQUASHFS_META_INDEXES (SQUASHFS_METADATA_SIZE / sizeof(unsigned int)) #define SQUASHFS_META_ENTRIES 127 diff --git a/fs/squashfs/super.c b/fs/squashfs/super.c index 970b1167e7cb..29cd014ed3a1 100644 --- a/fs/squashfs/super.c +++ b/fs/squashfs/super.c @@ -158,10 +158,15 @@ static int squashfs_fill_super(struct super_block *sb, void *data, int silent) goto failed_mount; } + /* Check block log for sanity */ msblk->block_log = le16_to_cpu(sblk->block_log); if (msblk->block_log > SQUASHFS_FILE_MAX_LOG) goto failed_mount; + /* Check that block_size and block_log match */ + if (msblk->block_size != (1 << msblk->block_log)) + goto failed_mount; + /* Check the root inode for sanity */ root_inode = le64_to_cpu(sblk->root_inode); if (SQUASHFS_INODE_OFFSET(root_inode) > SQUASHFS_METADATA_SIZE)