From: Jan Kara <jack@suse.cz>
To: Andrew Gabbasov <andrew_gabbasov@mentor.com>
Cc: Jan Kara <jack@suse.com>, linux-kernel@vger.kernel.org
Subject: Re: [PATCH v2 2/7] udf: Check output buffer length when converting name to CS0
Date: Mon, 4 Jan 2016 18:19:07 +0100 [thread overview]
Message-ID: <20160104171907.GG13014@quack.suse.cz> (raw)
In-Reply-To: <1450974338-22762-3-git-send-email-andrew_gabbasov@mentor.com>
On Thu 24-12-15 10:25:33, Andrew Gabbasov wrote:
> If a name contains at least some characters with Unicode values
> exceeding single byte, the CS0 output should have 2 bytes per character.
> And if other input characters have single byte Unicode values, then
> the single input byte is converted to 2 output bytes, and the length
> of output becomes larger than the length of input. And if the input
> name is long enough, the output length may exceed the allocated buffer
> length.
>
> All this means that conversion from UTF8 or NLS to CS0 requires
> checking of output length in order to stop when it exceeds the given
> output buffer size.
>
> Signed-off-by: Andrew Gabbasov <andrew_gabbasov@mentor.com>
I have taken this patch to my tree with a slight modification that
udf_xxxtoCS0 functions return 0 when they would need to truncate the name.
That way we properly return ENAMETOOLONG when user tries to create name we
cannot store instead of silently truncating it.
Honza
> ---
> fs/udf/unicode.c | 12 ++++++++----
> 1 file changed, 8 insertions(+), 4 deletions(-)
>
> diff --git a/fs/udf/unicode.c b/fs/udf/unicode.c
> index 95a224b..155f912 100644
> --- a/fs/udf/unicode.c
> +++ b/fs/udf/unicode.c
> @@ -177,17 +177,18 @@ int udf_CS0toUTF8(struct ustr *utf_o, const struct ustr *ocu_i)
> static int udf_UTF8toCS0(dstring *ocu, struct ustr *utf, int length)
> {
> unsigned c, i, max_val, utf_char;
> - int utf_cnt, u_len;
> + int utf_cnt, u_len, u_ch;
>
> memset(ocu, 0, sizeof(dstring) * length);
> ocu[0] = 8;
> max_val = 0xffU;
> + u_ch = 1;
>
> try_again:
> u_len = 0U;
> utf_char = 0U;
> utf_cnt = 0U;
> - for (i = 0U; i < utf->u_len; i++) {
> + for (i = 0U; (i < utf->u_len) && ((u_len + 1 + u_ch) < length); i++) {
> c = (uint8_t)utf->u_name[i];
>
> /* Complete a multi-byte UTF-8 character */
> @@ -229,6 +230,7 @@ try_again:
> if (max_val == 0xffU) {
> max_val = 0xffffU;
> ocu[0] = (uint8_t)0x10U;
> + u_ch = 2;
> goto try_again;
> }
> goto error_out;
> @@ -299,15 +301,16 @@ static int udf_NLStoCS0(struct nls_table *nls, dstring *ocu, struct ustr *uni,
> int len;
> unsigned i, max_val;
> uint16_t uni_char;
> - int u_len;
> + int u_len, u_ch;
>
> memset(ocu, 0, sizeof(dstring) * length);
> ocu[0] = 8;
> max_val = 0xffU;
> + u_ch = 1;
>
> try_again:
> u_len = 0U;
> - for (i = 0U; i < uni->u_len; i++) {
> + for (i = 0U; (i < uni->u_len) && ((u_len + 1 + u_ch) < length); i++) {
> len = nls->char2uni(&uni->u_name[i], uni->u_len - i, &uni_char);
> if (!len)
> continue;
> @@ -320,6 +323,7 @@ try_again:
> if (uni_char > max_val) {
> max_val = 0xffffU;
> ocu[0] = (uint8_t)0x10U;
> + u_ch = 2;
> goto try_again;
> }
>
> --
> 2.1.0
>
>
--
Jan Kara <jack@suse.com>
SUSE Labs, CR
next prev parent reply other threads:[~2016-01-04 17:19 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-12-24 16:25 [PATCH v2 0/7] udf: rework name conversions to fix multi-bytes characters support Andrew Gabbasov
2015-12-24 16:25 ` [PATCH v2 1/7] udf: Prevent buffer overrun with multi-byte characters Andrew Gabbasov
2015-12-24 16:25 ` [PATCH v2 2/7] udf: Check output buffer length when converting name to CS0 Andrew Gabbasov
2016-01-04 17:19 ` Jan Kara [this message]
2015-12-24 16:25 ` [PATCH v2 3/7] udf: Parameterize output length in udf_put_filename Andrew Gabbasov
2015-12-24 16:25 ` [PATCH v2 4/7] udf: Join functions for UTF8 and NLS conversions Andrew Gabbasov
2015-12-24 16:25 ` [PATCH v2 5/7] udf: Adjust UDF_NAME_LEN to better reflect actual restrictions Andrew Gabbasov
2015-12-24 16:25 ` [PATCH v2 6/7] udf: Remove struct ustr as non-needed intermediate storage Andrew Gabbasov
2016-01-04 12:32 ` Jan Kara
2016-01-11 13:31 ` Andrew Gabbasov
2016-01-12 13:39 ` Jan Kara
2015-12-24 16:25 ` [PATCH v2 7/7] udf: Merge linux specific translation into CS0 conversion function Andrew Gabbasov
2016-01-04 13:25 ` Jan Kara
2016-01-11 13:31 ` Andrew Gabbasov
2016-01-04 13:30 ` [PATCH v2 0/7] udf: rework name conversions to fix multi-bytes characters support Jan Kara
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160104171907.GG13014@quack.suse.cz \
--to=jack@suse.cz \
--cc=andrew_gabbasov@mentor.com \
--cc=jack@suse.com \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.