Hello Peter,
On 05.05.26 12:38, Peter Collingbourne wrote:
When encountering a symlink pointing to an absolute path, ubifs_findfile
would return the target of the symlink as the result instead of resolving
any following components in the original path. Fix it by following the
same code path that is used for relative paths except that we set the
next inode to the root if we see a leading slash.
The existing code used memcpy and sprintf to copy the symlink target
into a fixed size stack buffer and was therefore vulnerable to buffer
overflows with a sufficiently long symlink target. Fix it by using a
heap buffer for the temporary path during path resolution.
Signed-off-by: Peter Collingbourne <[email protected]>
Fixes: 9d7952e4c636 ("ubifs: Add support for looking up directory and relative
symlinks")
---
fs/ubifs/ubifs.c | 70 +++++++++++++++++++++++++++++++-----------------
1 file changed, 45 insertions(+), 25 deletions(-)
Thanks!
Reviewed-by: Heiko Schocher <[email protected]>
bye,
Heiko
--
Nabla Software Engineering
HRB 40522 Augsburg
Phone: +49 821 45592596
E-Mail: [email protected]
Geschäftsführer : Stefano Babic
