#include "sqfs_filesystem.h"
#include "sqfs_utils.h"
+#define MAX_SYMLINK_NEST 8
+
static struct squashfs_ctxt ctxt;
+static int symlinknest;
+
+static int sqfs_readdir_nest(struct fs_dir_stream *fs_dirs, struct fs_dirent **dentp);
static int sqfs_disk_read(__u32 block, __u32 nr_blocks, void *buf)
{
goto out;
}
- while (!sqfs_readdir(dirsp, &dent)) {
+ while (!sqfs_readdir_nest(dirsp, &dent)) {
ret = strcmp(dent->name, token_list[j]);
if (!ret)
break;
/* Check for symbolic link and inode type sanity */
if (get_unaligned_le16(&dir->inode_type) == SQFS_SYMLINK_TYPE) {
+ if (++symlinknest == MAX_SYMLINK_NEST) {
+ ret = -ELOOP;
+ goto out;
+ }
+
sym = (struct squashfs_symlink_inode *)table;
/* Get first j + 1 tokens */
path = sqfs_concat_tokens(token_list, j + 1);
return metablks_count;
}
-int sqfs_opendir(const char *filename, struct fs_dir_stream **dirsp)
+static int sqfs_opendir_nest(const char *filename, struct fs_dir_stream **dirsp)
{
unsigned char *inode_table = NULL, *dir_table = NULL;
int j, token_count = 0, ret = 0, metablks_count;
return ret;
}
+int sqfs_opendir(const char *filename, struct fs_dir_stream **dirsp)
+{
+ symlinknest = 0;
+ return sqfs_opendir_nest(filename, dirsp);
+}
+
int sqfs_readdir(struct fs_dir_stream *fs_dirs, struct fs_dirent **dentp)
+{
+ symlinknest = 0;
+ return sqfs_readdir_nest(fs_dirs, dentp);
+}
+
+static int sqfs_readdir_nest(struct fs_dir_stream *fs_dirs, struct fs_dirent **dentp)
{
struct squashfs_super_block *sblk = ctxt.sblk;
struct squashfs_dir_stream *dirs;
return datablk_count;
}
-int sqfs_read(const char *filename, void *buf, loff_t offset, loff_t len,
- loff_t *actread)
+static int sqfs_read_nest(const char *filename, void *buf, loff_t offset,
+ loff_t len, loff_t *actread)
{
char *dir = NULL, *fragment_block, *datablock = NULL, *data_buffer = NULL;
char *fragment = NULL, *file = NULL, *resolved, *data;
}
/*
- * sqfs_opendir will uncompress inode and directory tables, and will
+ * sqfs_opendir_nest will uncompress inode and directory tables, and will
* return a pointer to the directory that contains the requested file.
*/
sqfs_split_path(&file, &dir, filename);
- ret = sqfs_opendir(dir, &dirsp);
+ ret = sqfs_opendir_nest(dir, &dirsp);
if (ret) {
goto out;
}
dirs = (struct squashfs_dir_stream *)dirsp;
/* For now, only regular files are able to be loaded */
- while (!sqfs_readdir(dirsp, &dent)) {
+ while (!sqfs_readdir_nest(dirsp, &dent)) {
ret = strcmp(dent->name, file);
if (!ret)
break;
break;
case SQFS_SYMLINK_TYPE:
case SQFS_LSYMLINK_TYPE:
+ if (++symlinknest == MAX_SYMLINK_NEST) {
+ ret = -ELOOP;
+ goto out;
+ }
+
symlink = (struct squashfs_symlink_inode *)ipos;
resolved = sqfs_resolve_symlink(symlink, filename);
- ret = sqfs_read(resolved, buf, offset, len, actread);
+ ret = sqfs_read_nest(resolved, buf, offset, len, actread);
free(resolved);
goto out;
case SQFS_BLKDEV_TYPE:
return ret;
}
-int sqfs_size(const char *filename, loff_t *size)
+int sqfs_read(const char *filename, void *buf, loff_t offset, loff_t len,
+ loff_t *actread)
+{
+ symlinknest = 0;
+ return sqfs_read_nest(filename, buf, offset, len, actread);
+}
+
+static int sqfs_size_nest(const char *filename, loff_t *size)
{
struct squashfs_super_block *sblk = ctxt.sblk;
struct squashfs_symlink_inode *symlink;
sqfs_split_path(&file, &dir, filename);
/*
- * sqfs_opendir will uncompress inode and directory tables, and will
+ * sqfs_opendir_nest will uncompress inode and directory tables, and will
* return a pointer to the directory that contains the requested file.
*/
- ret = sqfs_opendir(dir, &dirsp);
+ ret = sqfs_opendir_nest(dir, &dirsp);
if (ret) {
ret = -EINVAL;
goto free_strings;
dirs = (struct squashfs_dir_stream *)dirsp;
- while (!sqfs_readdir(dirsp, &dent)) {
+ while (!sqfs_readdir_nest(dirsp, &dent)) {
ret = strcmp(dent->name, file);
if (!ret)
break;
break;
case SQFS_SYMLINK_TYPE:
case SQFS_LSYMLINK_TYPE:
+ if (++symlinknest == MAX_SYMLINK_NEST) {
+ *size = 0;
+ return -ELOOP;
+ }
+
symlink = (struct squashfs_symlink_inode *)ipos;
resolved = sqfs_resolve_symlink(symlink, filename);
ret = sqfs_size(resolved, size);
sqfs_split_path(&file, &dir, filename);
/*
- * sqfs_opendir will uncompress inode and directory tables, and will
+ * sqfs_opendir_nest will uncompress inode and directory tables, and will
* return a pointer to the directory that contains the requested file.
*/
- ret = sqfs_opendir(dir, &dirsp);
+ symlinknest = 0;
+ ret = sqfs_opendir_nest(dir, &dirsp);
if (ret) {
ret = -EINVAL;
goto free_strings;
dirs = (struct squashfs_dir_stream *)dirsp;
- while (!sqfs_readdir(dirsp, &dent)) {
+ while (!sqfs_readdir_nest(dirsp, &dent)) {
ret = strcmp(dent->name, file);
if (!ret)
break;
return ret == 0;
}
+int sqfs_size(const char *filename, loff_t *size)
+{
+ symlinknest = 0;
+ return sqfs_size_nest(filename, size);
+}
+
void sqfs_close(void)
{
sqfs_decompressor_cleanup(&ctxt);
projects / u-boot.git / commitdiff