From: Jan Kara <jack@suse.cz>
To: Andrew Gabbasov <andrew_gabbasov@mentor.com>
Cc: Jan Kara <jack@suse.com>, linux-kernel@vger.kernel.org
Subject: Re: [PATCH v2 2/7] udf: Check output buffer length when converting name to CS0
Date: Mon, 4 Jan 2016 18:19:07 +0100 [thread overview]
Message-ID: <20160104171907.GG13014@quack.suse.cz> (raw)
In-Reply-To: <1450974338-22762-3-git-send-email-andrew_gabbasov@mentor.com>
On Thu 24-12-15 10:25:33, Andrew Gabbasov wrote:
> If a name contains at least some characters with Unicode values
> exceeding single byte, the CS0 output should have 2 bytes per character.
> And if other input characters have single byte Unicode values, then
> the single input byte is converted to 2 output bytes, and the length
> of output becomes larger than the length of input. And if the input
> name is long enough, the output length may exceed the allocated buffer
> length.
>
> All this means that conversion from UTF8 or NLS to CS0 requires
> checking of output length in order to stop when it exceeds the given
> output buffer size.
>
> Signed-off-by: Andrew Gabbasov <andrew_gabbasov@mentor.com>
I have taken this patch to my tree with a slight modification that
udf_xxxtoCS0 functions return 0 when they would need to truncate the name.
That way we properly return ENAMETOOLONG when user tries to create name we
cannot store instead of silently truncating it.
Honza
> ---
> fs/udf/unicode.c | 12 ++++++++----
> 1 file changed, 8 insertions(+), 4 deletions(-)
>
> diff --git a/fs/udf/unicode.c b/fs/udf/unicode.c
> index 95a224b..155f912 100644
> --- a/fs/udf/unicode.c
> +++ b/fs/udf/unicode.c
> @@ -177,17 +177,18 @@ int udf_CS0toUTF8(struct ustr *utf_o, const struct ustr *ocu_i)
> static int udf_UTF8toCS0(dstring *ocu, struct ustr *utf, int length)
> {
> unsigned c, i, max_val, utf_char;
> - int utf_cnt, u_len;
> + int utf_cnt, u_len, u_ch;
>
> memset(ocu, 0, sizeof(dstring) * length);
> ocu[0] = 8;
> max_val = 0xffU;
> + u_ch = 1;
>
> try_again:
> u_len = 0U;
> utf_char = 0U;
> utf_cnt = 0U;
> - for (i = 0U; i < utf->u_len; i++) {
> + for (i = 0U; (i < utf->u_len) && ((u_len + 1 + u_ch) < length); i++) {
> c = (uint8_t)utf->u_name[i];
>
> /* Complete a multi-byte UTF-8 character */
> @@ -229,6 +230,7 @@ try_again:
> if (max_val == 0xffU) {
> max_val = 0xffffU;
> ocu[0] = (uint8_t)0x10U;
> + u_ch = 2;
> goto try_again;
> }
> goto error_out;
> @@ -299,15 +301,16 @@ static int udf_NLStoCS0(struct nls_table *nls, dstring *ocu, struct ustr *uni,
> int len;
> unsigned i, max_val;
> uint16_t uni_char;
> - int u_len;
> + int u_len, u_ch;
>
> memset(ocu, 0, sizeof(dstring) * length);
> ocu[0] = 8;
> max_val = 0xffU;
> + u_ch = 1;
>
> try_again:
> u_len = 0U;
> - for (i = 0U; i < uni->u_len; i++) {
> + for (i = 0U; (i < uni->u_len) && ((u_len + 1 + u_ch) < length); i++) {
> len = nls->char2uni(&uni->u_name[i], uni->u_len - i, &uni_char);
> if (!len)
> continue;
> @@ -320,6 +323,7 @@ try_again:
> if (uni_char > max_val) {
> max_val = 0xffffU;
> ocu[0] = (uint8_t)0x10U;
> + u_ch = 2;
> goto try_again;
> }
>
> --
> 2.1.0
>
>
--
Jan Kara <jack@suse.com>
SUSE Labs, CR
next prev parent reply other threads:[~2016-01-04 17:19 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-12-24 16:25 [PATCH v2 0/7] udf: rework name conversions to fix multi-bytes characters support Andrew Gabbasov
2015-12-24 16:25 ` [PATCH v2 1/7] udf: Prevent buffer overrun with multi-byte characters Andrew Gabbasov
2015-12-24 16:25 ` [PATCH v2 2/7] udf: Check output buffer length when converting name to CS0 Andrew Gabbasov
2016-01-04 17:19 ` Jan Kara [this message]
2015-12-24 16:25 ` [PATCH v2 3/7] udf: Parameterize output length in udf_put_filename Andrew Gabbasov
2015-12-24 16:25 ` [PATCH v2 4/7] udf: Join functions for UTF8 and NLS conversions Andrew Gabbasov
2015-12-24 16:25 ` [PATCH v2 5/7] udf: Adjust UDF_NAME_LEN to better reflect actual restrictions Andrew Gabbasov
2015-12-24 16:25 ` [PATCH v2 6/7] udf: Remove struct ustr as non-needed intermediate storage Andrew Gabbasov
2016-01-04 12:32 ` Jan Kara
2016-01-11 13:31 ` Andrew Gabbasov
2016-01-12 13:39 ` Jan Kara
2015-12-24 16:25 ` [PATCH v2 7/7] udf: Merge linux specific translation into CS0 conversion function Andrew Gabbasov
2016-01-04 13:25 ` Jan Kara
2016-01-11 13:31 ` Andrew Gabbasov
2016-01-04 13:30 ` [PATCH v2 0/7] udf: rework name conversions to fix multi-bytes characters support Jan Kara
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20160104171907.GG13014@quack.suse.cz \
--to=jack@suse.cz \
--cc=andrew_gabbasov@mentor.com \
--cc=jack@suse.com \
--cc=linux-kernel@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).